Reviews Site Update

[TheAuldGrump]

SQL Error, both Firefox and IE. Pasted from Notepad.

I am strangely heartened to see that it is not just me... I guess that it is true that misery loves company.

The Auld Grump

 

[HellHound]

According to one reviewer, the SQL error happens if you include an appostraphe in the review.

Try reposting them without the appostraphes.

 

[Khur]

Actually, the curly apostrophe (as auto-formatted by Word, for example), works just fine. It doesn't give the SQL error. My review on Erzsak's Drake Riders is full of 'em. So, if you're changing your apostrophe's to straight ones for posting the review, them's the problem. In other words, " ' " doesn't work, but " ’ " does.

 

[GlassJaw]

the curly apostrophe (as auto-formatted by Word, for example), works just fine. It doesn't give the SQL error.

Interesting because Word formatting didn't work before.

 

[Michael Morris]

I've noted this error and must shut the reviews site down until it is corrected since it can be exploited to destroy data in the database.

 

[Crothian]

is that why I'm getting "Error executing query -" now?

 

[Michael Morris]

Yes. Permissions are denied to the reviews database by mysql itself. I'm downloading the code now.

 

[Crothian]

That's cool, I was just ciurious. Thanks Michael.

 

[Michael Morris]

Newest Update

Well, I'm closing in on completing a number of points on the new code base. Run down of the features that are working right now on my test bed.

IMPORTER.
This is the critical part, though ironically this bit of code runs only 1 time on the live server - when it's used to import the old database. So far it takes all the data and transfers it over and during the transfer it does some necessary housekeeping such as establing true table relationships (the old database, despite being on MySQL, does not adhere to proper relational database forms by a LONG shot). It also translates most all the reviews boards codes into their vbulletin equivalents. It will attempt to match a user's name to the vbulletin membership. Fail or no, it keeps the old username on file and the system displays that as necessary on the old posts. This will also allow me to write an admin tool that will assign reviews posts to a new user.

TRUE INDEXED SEARCHING
I've ran this through it's paces, and it works just as well on the boards (no surprising - the same engine is used). This means after the transfer searches will turn up reviews as well as other posts unless you specify a forum.

GREATER SECURITY, HIGHER ROBUSTNESS
Since the system will employee the exact same engine as vbulletin it will have the advantage of tighter security controls. Also, both the standard and the WYSIWYG editors will be available for the composing of reviews. Finally, the whole thing won't throw a fit if you use an apostrophe.

PAGINATED VIEWING
As with forums, large pages will be broken down into pages. At the moment the publisher list has this feature - other lists will follow.

FASTER
Using WinMySQL admin I've clocked the query times for pages both in the old and the new reviews systems. On average the queries of the new system take half as long to complete and there are fewer of them. This will help maintain server performance.


I'm trying to get this out the door as soon as I can guys, but I want to make sure it works before cutting you lose on it. Hopefully Blacksway can fix the SQL injection vulnerability in the old code so that it can be turned back on. He's more familiar with that code and knows where to look to make the changes. In the meanwhile I'll apply my time to the replacement. With luck it will be operational before month's end.

 

[Ravellion]

I am getting this error now:

1142:select command denied to user: 'd20reviewer@localhost' for table 'Reviews' - /reviews/index.php

Can't access a single review.

Rav