Slight PHP changes

WuDi Wu

Nov 19, 2008, 10:24:14 PM
to Tabbie Development
Hey guys!

I was Tabbie'ing it up for BP Nationals in Canada, and made some
slight fixes to the code. I figured this would be the best place to
share some of them?

There were two main problems I noticed (in the "Windows all in one"
package):

1) magic_quotes, mentioned in an earlier post on this group. The
global variable setting for magic_quotes is undependable, because some
users might know about it, or because it might not universally apply,
or because it just sometimes doesn't work. The main problem (not only
because the lack of escaping quotation marks causes an SQL exception
being thrown by Tabbie) is that when quotation marks cause an error in
adding a team, the team is added in the database, but is not actually
acknowledged as existing in the rest of the Tabbie, except for team
standings. This makes everything screw up slightly.

I "fixed" this by adding "addslashes" in the four scripts that were
most vulnerable to this error occurring:

input/univ.php
---

line 28: $univ_name=trim(addslashes(@$_POST['univ_name']));
line 29: $univ_code=strtoupper(trim(addslashes(@$_POST['univ_code'])));

input/team.php
---

line 28: $univ_id=trim(addslashes(@$_POST['univ_id']));
line 29: $team_code=trim(addslashes(@$_POST['team_code']));
line 33: $speaker1=trim(addslashes(@$_POST['speaker1']));
line 34: $speaker2=trim(addslashes(@$_POST['speaker2']));

input/motion.php
---

line 7: $motion=trim(addslashes(@$_POST['motion']));

input/venue.php
---

line 28: $venue_name=trim(addslashes(@$_POST['venue_name']));
line 29: $venue_location=trim(addslashes(@$_POST['venue_location']));

2) Apparently, in the "Windows all in one" package (this error isn't
on SmoothTournament), all the links to team_overview.php accidentally
leave out the ".php", making all the team names unclickable, in
essence. Changes to fix:

standing/teamstanding/display.php
---

line 107: echo "<td>"."<a href=\"team_overview.php?team_id={$cc['team_id']}\">".$cc["teamname"]."</a></td>\n";

standing/speakerstanding/display.php
---

line 174: echo "<td>"."<a href=\"team_overview.php?team_id={$speaker_array[$x]['team_id']}\">".$speaker_array[$x]["teamname"]."</a></td>\n";

standing/position/display.php
---

line 126: echo "<td><a href=\"team_overview.php?team_id={$team['teamid']}\">".$team["teamname"]."</a></td>\n";

team_overview.php
---

line 48: print "<li><a href=\"team_overview.php?team_id={$row['team_id']}\">{$row['univ_code']} {$row['team_code']} ({$row['speaker1']} and {$row['speaker2']})</a></li>";
line 95: print "<tr><td>$long</td><td><a href=\"team_overview.php?team_id=$id\">$name</a></td><td>$ranking</td><td>$points</td><td>$before</td><td>$after</td><td>$final</td></tr>";


So yeah, that's basically that. Also, one other note; here in Canada,
we generally use a 35-42 scale for tournaments, meaning we use decimal
places, so if you want Tabbie to support half marks (otherwise, since
the MySQL column is int, it'll be automatically rounded up), these
changes are needed in result/currentround.php:

line 352: $query.="`points` float NOT NULL default '0', ";
line 425: $query.="`points` float NOT NULL default '0', ";

That's all =]! I'd probably love to be a developer for Tabbie, but
one, I'm not sure if I'd be qualified enough, and two, I really need
to brush up on my statistical knowledge.

Lemme know what people think.

Klaas van Schelven

Nov 20, 2008, 8:34:13 AM
to tabbie...@googlegroups.com


On Thu, Nov 20, 2008 at 2:33 PM, Klaas van Schelven <kl...@vanschelven.com> wrote:
Hey,

Second change seems ok to me.
First one I'm not really sure what you're saying. In general it seems to me that data should always be escaped (explicitly, and only once) before being inserted into the DB. I'm not sure on the status right now so I would have to check that.


If you want to be a developer, create a sourceforge account and I'll put you on the committers list.

B.t.w. it's possible that the all in one package and latest normal package are not in sync. I'm too lazy to roll the windows package every time... If you're up for that, that would be great.

Klaas



--
Portfolio: http://www.xaba.nl/content/portfolio
CV: http://www.linkedin.com/in/klaasvanschelven
Phone: 06 811  599 10
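
The "escaped explicitly, and only once" point above, as an added example that is not part of either post and is not Tabbie code. The `university` table, the helper names `raw_field` and `add_univ`, and the `$magicQuotesOn` flag (standing in for the server's magic_quotes setting) are assumptions; it uses PDO with an in-memory SQLite database so it runs offline.

```php
<?php
// Added example, not Tabbie code. Table, column and function names are assumptions.
// Needs PHP 7+ with the pdo_sqlite extension.

// Return the value the user typed, whatever the magic_quotes setting was.
// $magicQuotesOn stands in for the server setting, which current PHP no longer has.
function raw_field(array $post, string $key, bool $magicQuotesOn): string
{
    $value = isset($post[$key]) ? (string) $post[$key] : '';
    if ($magicQuotesOn) {
        $value = stripslashes($value); // undo the automatic escaping exactly once
    }
    return trim($value);
}

function add_univ(PDO $db, string $name, string $code): void
{
    // Placeholders keep the data out of the SQL text, so nothing is escaped by hand.
    $stmt = $db->prepare('INSERT INTO university (univ_name, univ_code) VALUES (?, ?)');
    $stmt->execute([$name, strtoupper($code)]);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE university (univ_name TEXT, univ_code TEXT)');

// Constructed sample input: the same form post as seen with magic_quotes off and on.
$typed      = ['univ_name' => 'St. John\'s "A"', 'univ_code' => 'sju'];
$autoQuoted = ['univ_name' => addslashes($typed['univ_name']), 'univ_code' => 'sju'];

add_univ($db, raw_field($typed, 'univ_name', false), raw_field($typed, 'univ_code', false));
add_univ($db, raw_field($autoQuoted, 'univ_name', true), raw_field($autoQuoted, 'univ_code', true));

// Both rows hold the name exactly as typed, regardless of the setting.
foreach ($db->query('SELECT univ_name, univ_code FROM university') as $row) {
    echo $row['univ_code'], ': ', $row['univ_name'], PHP_EOL;
}

// For contrast: addslashes() applied to input that magic_quotes already escaped.
// The value now carries two levels of escaping instead of one.
echo 'escaped twice: ', addslashes($autoQuoted['univ_name']), PHP_EOL;
```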

WuDi Wu

Nov 21, 2008, 6:14:13 PM
to Tabbie Development
Oh, one more slight error I discovered. The edit teams page will
select speakers 1 and 2 based on the alphabetical order of the two
speakers, not based on speaker_id; this means that if Person C is
entered as Speaker 1, and Person A is entered as Speaker 2, when you
go to the edit teams page, the speaker order will be reversed. It
doesn't affect much to be honest, but it's a simple change; all that's
needed is to add an order by the speaker ID to the SQL query:

input/team.php
---

line 245: $result=mysql_query("SELECT * FROM speaker WHERE team_id='$team_id' ORDER BY speaker_id ASC");

Klaas van Schelven

Nov 22, 2008, 11:01:19 AM
to tabbie...@googlegroups.com

WuDi,

Please give me your sourceforge Id (get one if nec.).

I'm perfectly fine with you merging these kinds of changes into the trunk.


Klaas