Hey there! Sign in to join this conversationNew here? Join for free
Turn on thread page Beta
    • Thread Starter
    Offline

    0
    ReputationRep:
    hi there everyone. im creating a website using html (frontpage), i am not using SQL to link the webpages to databases (as i dont know how to make good links). I am really stuck on how to create a guestbook as a result. this is because i would not have anywhere to store the comments from users. The wizard on frontpage provides me with a template for data entry but does not help in telling me where and how to store any comments. i really tbh have no clue in how to do a guetbook! has anyone made a guestbook themselves before? anyone have any ideas on how create a working guestbook?

    plz reply.

    thanx for any help in advance.

    p.s. if you have used mySQL can you tell me from where you learnt and what manuals you have used that allowed you to easily learn how use it. microsoft help is tbh PANTS. i crap at this sorta thing and i wish there was a book for learning about this and creating guestbooks in the 'Dummies Guide To'....lol, but there unfortunately isnt.
    • Thread Starter
    Offline

    0
    ReputationRep:
    (Original post by piginapoke)
    Creating a guest book involves persistence of data. Therefore, you need to have a mechanism of storing the data. You can't do this in plain HTML. You need to have the ability to run processes on the web server (example: perl, mySQL).
    yeah i know, i was just wondering whethaer there was any way of just using plain html. have u used perl or mySQL. if have u got any good guides u can recomend for it.

    i tried using access but that was really poor.
    Offline

    10
    ReputationRep:
    What stuff do you need to know about MySQL? If you want to know about SQL syntax (this isn't specific to MySQL; other databases use it as well), then this site: http://www.w3schools.com/sql/default.asp is good for basics.
    Offline

    0
    ReputationRep:
    What ever you don't use frontpage it produces very nasty bloated HTML code that makes your website in accessable for a lot of people.

    www.cutandpastescripts.com host bannerless/advertless guestbooks and they work quite well. It is totally free. The only other way of doing it would be to use MySQL/PHP or ASP. You can use a text file but MySQL/Php is far easier.

    You can only use interactive front page stuff if your server has front page extensions installed. Frontpage is not standard and only serves to let people get into bad habbits.

    1stpage2000 which is a freeware HMTL editor is far better. Dreamweaver is also good but expensive.
    Offline

    0
    ReputationRep:
    (Original post by Meeps)
    yeah i know, i was just wondering whethaer there was any way of just using plain html. have u used perl or mySQL. if have u got any good guides u can recomend for it.

    i tried using access but that was really poor.

    Access should work quite well if its coded correctly. I made this site purely in access

    http://www.robertson-i.co.uk/shop/

    I used SQL statement though rather than Microsoft's method.
    Offline

    2
    ReputationRep:
    (Original post by amazingtrade)
    Access should work quite well if its coded correctly. I made this site purely in access

    http://www.robertson-i.co.uk/shop/

    I used SQL statement though rather than Microsoft's method.
    Hmm... why is your database file world-readable? I really shouldn't be able to just download it by making a standard HTTP request for it, not very secure really; especially not if you were actually taking transactions and storing credit card details etc...
    Offline

    12
    ReputationRep:
    (Original post by rahaydenuk)
    especially not if you were actually taking transactions and storing credit card details etc...
    Trade isn't a thief.
    Offline

    0
    ReputationRep:
    (Original post by rahaydenuk)
    Hmm... why is your database file world-readable? I really shouldn't be able to just download it by making a standard HTTP request for it, not very secure really; especially not if you were actually taking transactions and storing credit card details etc...
    It was just an assignment, at the time my tutor didn't know the exact URL path to the database, so I had to use a relative URL hence not being able to use private directories. However I have the path now so I can make it much more secure.

    It dosn't really matter for this though if people to have access to it, it dosn't store real credit card numbers or anything.

    P.S Just out of interest how did you know the location of my database?
    Offline

    1
    ReputationRep:
    (Original post by bono)
    Trade isn't a thief.
    rahaydenuk was merely pointing out the security issues involved.
    Offline

    0
    ReputationRep:
    The site I am currently working will have a secure database and I have also used MD5 for login encrytion.
    Offline

    2
    ReputationRep:
    (Original post by amazingtrade)
    P.S Just out of interest how did you know the location of my database?
    By guessing the common ones. I think I tried db.mdb, dbase.mdb and then database.mdb. You'd be amazed how many sites do that and forget to change permissions, but then Windows doesn't really have such a clear and easy-to-use file permissions system as *nix. I originally thought your admin password might have been stored in the database, which obviously would've been an even larger security flaw, however it appears you've hardcoded that into a page or something as it's not responding to SQL-injection (unless you've taken action against that, which is unlikely since you do not parse your quantity values, which in itself doesn't appear to be a problem since they are passed into a CDbl function which acts as a form of an inadvertent security wrapper on potential SQL injection strings).
    Offline

    2
    ReputationRep:
    (Original post by capslock)
    rahaydenuk was merely pointing out the security issues involved.
    Yes, I think our dear bono got the wrong end of the stick there... I wasn't accusing AT of anything other than lax security. This would then have the potential to be exploited by malicious users, AT would have the info anyway, so if he wanted to be malicious, he wouldn't need to hack his own site to do it.
    Offline

    12
    ReputationRep:
    (Original post by rahaydenuk)
    Yes, I think our dear bono got the wrong end of the stick there... I wasn't accusing AT of anything other than lax security. This would then have the potential to be exploited by malicious users, AT would have the info anyway, so if he wanted to be malicious, he wouldn't need to hack his own site to do it.
    I was only joking
    Offline

    0
    ReputationRep:
    (Original post by rahaydenuk)
    By guessing the common ones. I think I tried db.mdb, dbase.mdb and then database.mdb. You'd be amazed how many sites do that and forget to change permissions, but then Windows doesn't really have such a clear and easy-to-use file permissions system as *nix. I originally thought your admin password might have been stored in the database, which obviously would've been an even larger security flaw, however it appears you've hardcoded that into a page or something as it's not responding to SQL-injection (unless you've taken action against that, which is unlikely since you do not parse your quantity values, which in itself doesn't appear to be a problem since they are passed into a CDbl function which acts as a form of an inadvertent security wrapper on potential SQL injection strings).
    Yeah I have hard coded it into a page so its fixed. I never thought anybody would actually view the site other than me and my tutor so security wasn't an issue. Also that site was the first server side website I have ever made so I am quite proud of it now. If I was to do it again I would make an include file for the connection string to make it easier to update and also make sure the database is in a private directory. Also calling it a common name wasn't such a good idea.

    The other big thing I would change is the use of style sheets, stylesheets would have worked much better for the navigation rather than images.

    I am hoping in six moths time I will be pretty good at server side programming as I am improving all the time.
    Offline

    0
    ReputationRep:
    (Original post by piginapoke)
    Hmm the pages on your site look like edited frontpage output
    Wich pages? The actualy design isn't too clever as I didn't use stylesheets, I really wish I had done that now, however the marking was purely on the ASP code and what server side functionality the site has, that is why the design was rather laxture. Also I should not have put that silly flash intro on the front page.
    Offline

    0
    ReputationRep:
    (Original post by piginapoke)
    Just a gag, I thought the JS functions looked familiar.
    Yes thats awful dreamweaver JS code. If I did that site professional there is no way I would have left them in, I would have just used stylesheets. It was 3 months ago since I have made that site and my standards have improved since then, the part time job as a CSS based web developer helped a lot.
    Offline

    0
    ReputationRep:
    (Original post by piginapoke)
    I envy you artsy types. I initially wanted to be a web developer after I graduated but I'm shocking at anything artistic or design-y.
    Thanks. I'm ok I'm quite good at photoshop and stuff like that, the only bad thing is I can't draw people.

    I am not much good at large database type projects that invovle systems anyalsys and essesentialy just the logic, however this why people study computing at places like Oxbridge to that kind of stuff.

    Anyway I have a 9:00am lecture so I am up at 7:00am I better get of the damn computer. Good night all.
    Offline

    1
    ReputationRep:
    (Original post by amazingtrade)
    Thanks. I'm ok I'm quite good at photoshop and stuff like that, the only bad thing is I can't draw people.

    I am not much good at large database type projects that invovle systems anyalsys and essesentialy just the logic, however this why people study computing at places like Oxbridge to that kind of stuff.

    Anyway I have a 9:00am lecture so I am up at 7:00am I better get of the damn computer. Good night all.
    i got a 9:00am lecture to, but i dont have to get up until 8:00am

    cya at
 
 
 
Turn on thread page Beta
TSR Support Team

We have a brilliant team of more than 60 Support Team members looking after discussions on The Student Room, helping to make it a fun, safe and useful place to hang out.

Updated: March 11, 2004
Poll
“Yanny” or “Laurel”
Useful resources

The Student Room, Get Revising and Marked by Teachers are trading names of The Student Room Group Ltd.

Register Number: 04666380 (England and Wales), VAT No. 806 8067 22 Registered Office: International House, Queens Road, Brighton, BN1 3XE

Write a reply...
Reply
Hide
Reputation gems: You get these gems as you gain rep from other members for making good contributions and giving helpful advice.