Thank you sir! May I have another?

On Sat, 20 Jan 2007 18:05:50 +0100, Charlie Clark <charlie@xxxxxxxxxxxxxx> wrote:

>
> On 20.01.2007 at 15:18, Alex wrote:
>
>> ack ok. I have received lots of recommendations of content
>> management systems. All of which have failed :)
>
> One has to ask the question: what actually failed? Actually I haven't
> understood why you are building another system rather than getting a
> Haiku category created somewhere.
>

I tried Drupal and Joomla. The currently available modules for these systems did not do as expected, and did not provide me with the flexibility I needed.

>> I've decided to go with what I do best, php and mysql.
>
> You might want to look at some of the security issues related to that
> combination particularly if you are using PHP 4.x
>
> eg. http://www.haikubytes.com/beta/?category=''
>

PHP is secure unless you program insecurely. For example, the link you posted:

http://www.haikubytes.com/beta/?category=''

This will not work. My PHP code scans 'category' with a regex to ensure it's an integer; if it is not an integer, it dies. I plan to implement several security checks such as these throughout the site.

>> You can watch the progress of the site at:
>> http://www.haikubytes.com/beta
>>
>>
>> please note that the database system is in HEAVY development and
>> all things may not work at all times (err or at any times :D)
>
> You mean you don't have a development system?
>
> WTF are you doing with "embedded" images?
>

Have you ever tried to extract images from a MySQL database and place them inline in HTML? The category images are stored as MySQL datablobs. I could reference the image to an external PHP file which could query the database and return a PNG header, but I'm lazy, and who uses IE anyway? :P

/me got no lub for IE users.

Anyway, it works with all other browsers out there anyway so, blah.

You may ask why I don't extract the image to a file in a temp directory and reference it in the HTML?
Temp directories are a bad idea in PHP. They are too easily compromised. It's a well known and well utilized hack to upload files through PHP and execute them as the apache user.

> Sorry to be so negative but I suggest you reevaluate some of the
> systems that have been suggested.

Like I stated before, it's in HEAVY development; things will improve. I know it's a little ugly, but I'm more concerned with functionality right now :)

>
> Charlie
> --
> Charlie Clark
> Helmholtzstr. 20
> Düsseldorf
> D- 40215
> Tel: +49-211-938-5360
> GSM: +49-178-782-6226

-----------------------------------
Alexander von Gluck
Linux Systems Administration
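
The integer check on `category` described in the message above, written out as an added example (not code from the original post or from the haikubytes site). The function name `parse_category_id`, the `categories` table and the in-memory SQLite database (a stand-in for MySQL so the script runs offline, which needs the pdo_sqlite extension) are assumptions; the example also goes one step past the message by binding the validated value as a query parameter.

```php
<?php
// Added example: strict integer validation for a `category` query parameter.
// parse_category_id(), the `categories` table and the SQLite stand-in for
// MySQL are assumptions made for illustration.

function parse_category_id($raw): ?int
{
    // Arrays (?category[]=1) and missing values are rejected outright.
    if (!is_string($raw)) {
        return null;
    }
    // \A and \z anchor to the true start and end of the string. With ^...$
    // and no D modifier, "3\n" would pass because $ also matches just before
    // a final newline. The 9-digit limit keeps the value in 32-bit range.
    if (preg_match('/\A[0-9]{1,9}\z/', $raw) !== 1) {
        return null;
    }
    return (int) $raw;
}

// Constructed sample inputs, as they might arrive in $_GET['category'].
$samples = ["3", "''", "3 OR 1=1", "3\n", "-1", "", ["3"], "99999999999"];

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE categories (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO categories (id, name) VALUES (3, 'Applications')");

// Validation decides whether to proceed; the bound parameter means the value
// is never spliced into the SQL text even if a check is loosened later.
$stmt = $db->prepare('SELECT name FROM categories WHERE id = :id');

foreach ($samples as $raw) {
    $id = parse_category_id($raw);
    $shown = json_encode($raw);
    if ($id === null) {
        echo "$shown rejected\n";
        continue;
    }
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $name = $stmt->fetchColumn();
    $stmt->closeCursor();
    echo "$shown accepted as $id: "
        . ($name === false ? 'no such category' : $name) . "\n";
}
```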