@Lorne Kates said:

That seemed odd, so I asked instead WHY he neededs a zero row?  "It's in the user table. I need a guest account, and I don't want the guest account to show up in the user list".

 Why not just add another column to the table-- is_guest or something?

Well,  then he'd have to change the code everywhere to check "if ! user[is_guest] then..."

Oh.  But, how are you going to keep the user from showing up in the list as it is now?

Simple.  Just change the code everywhere the user list is used to say "if id > 0 then dowhaever...."

 

Your solution doesn't make sense here.

If there's only to be one row with a guest then,

a) you still have to have one id with the guest details (and is_guest set to true)

b) every other row will have is_guest set to 0

Since you will know the row id of the guest row, whether it be 0, 10 or 251160 there's no point making another column to say the same thing.

Personally I think having 0 for a guest row is perfectly reasonable.

Of course if I misunderstood and there are to be multiple guest rows, then your solution is better.

 

Summary: Kagi is a payment processing e-commerce type application. It sends an xml string from the vendor's site. Included in this xml string is the price of the product.. which you can change if you like.

The Kagi CEO then comments on the blog entry and says it's a feature not a bug.

The benchmarks referenced are: from http://shootout.alioth.debian.org/u32q/benchmark.php?test=all&lang=php&lang2=gpp&box=1

That is a shootout of a number of set tests on a single intel chip.

Facebook has a set of php scripts across tens of thousands of servers, possibly with different cpus, billions if not trillions of db rows with a fuckload of them being selected per second, and trillions of files to pick from.

So obviously the given analysis is a near perfect comparison to Facebook's setup.

@nion said:

extract($playerinfo, EXTR_OVERWRITE);

And why are you extracting the array? You don't reference the extracted vars and since $_SESSION now holds it all there's no need to have them. In case you don't know what extract does, it turns

$array['foo'] = 'bar';
$array['fee'] = 'bee';

Into

$foo = 'bar';
$fee = 'bee';

Sorry for the double post, I can't find an edit button. Every time I use this asinine forum software I end up wanting to punch things.

@nion said:

$playerinfo = mysql_fetch_array($result); extract($playerinfo, EXTR_OVERWRITE);

You do know that by default, mysql_fetch_array fetches both assoc and numeric indexes which you then put into $_SESSION.

e.g. $_SESSION['clientdata'] = 'foo', $_SESSION[0] = 'foo';

Use mysql_fetch_assoc instead.

 

 

@nion said:

PS: I have no idea what the hell would happen in the event more than one person had the same password. Thankfully, it never did.

Given that it's a while loop that processed the result, $session would end up filled with the lastmost row in the resultset.

 

Also, you haven't escaped the inputted username or password. And the password is stored in plaintext.

Visit any page on http://www.iconflict.com/ right now and you'll get this (I've manually wrapped #0 to #2):

 

DatabaseException

Connect failed: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2)

Query

Stack Trace

#0 /usr/share/php/reflexions_framework/persistence/Database.php(39):
    Database->__construct('mysqli', 'localhost', 'iconflict', 'mko09ijn', 'iconflict')
#1 /usr/share/php/reflexions_framework/persistence/PersistenceEngine.php(61): 
    Database::get_current()
#2 /usr/share/php/reflexions_framework/persistence/PersistenceEngine.php(42): 
    PersistenceEngine->__construct('guid')
#3 /usr/share/php/reflexions_framework/auth/SessionUser.php(135): PersistenceEngine::get_current()
#4 [internal function]: SessionUser::session_read('1k554dfn437pr0g...')
#5 /usr/share/php/reflexions_framework/auth/SessionUser.php(83): session_start()
#6 /usr/share/php/reflexions_framework/siteshell/SiteShell.php(66): SessionUser::init()
#7 /var/www/vhosts/iconflict.com/public/plugins/IConflictPlugin.php(50): SiteShell::get_current_user()
#8 /var/www/vhosts/iconflict.com/public/plugins/DetailPlugin.php(21): IConflictPlugin->setup_fields(Object(URLTree), NULL, Array)
#9 /usr/share/php/reflexions_framework/siteshell/SiteShell.php(288): DetailPlugin->setup_fields(Object(URLTree), NULL, Array)
#10 /usr/share/php/reflexions_framework/siteshell/SiteShell.php(141): SiteShell::render(Object(DetailPlugin))
#11 /var/www/vhosts/iconflict.com/public/htdocs/index.php(10): SiteShell::main('detail/Beijing-...', Array)
#12 {main}

Was just browsing the Dell site. Came to the gpu selection. Apparently nVidia is now using ATis logo.. 

[URL=http://imageshack.us][IMG]http://img221.imageshack.us/img221/9169/image1oq4.png[/IMG][/URL]

 

@MarcB said:

The database drivers, on the other hand, DO know what a query is. I can't speak for all of them, but the MySQL client libraries don't allow multiple queries to be embedded in the string passed to the query functions. It'll spit out a syntax error.

Oops, yes that's what I meant. 

@Fred Foobar said:

And no good on the db.inc idea - the files appear to be include()d.

But what's the point, when any search box is a SQL prompt... 

As far as I'm aware, php doesn't let you stack multiple queries using a ;  meaning the search box only acts as a 'SELECT .. FROM specified_table' query. 

I was just about to post that very link

I wonder if the dir or pg parameters are sanitised.. nope, direct passthrough!

 

http://helprick.com/theme/14382/index.php?dir=a&pg=b

Warning: main(../../a/b): failed to open stream: No such file or directory in /var/www/vhosts/cat.doublepi.com/httpdocs/theme/14382/index.php on line 57

 

I wonder if he's left the db details in a file called db.inc or something.