> > However if I set magic_quotes_gpc = Off, I will have problem with my queries if I insert texts with quotes ??

Yes, you will be need to check all queries for SQL  injection posibility. Function like mysql_real_escape_string is good protection from user's mistakes and from SQL errors. But hackers knows a ways to overcome this protection, so you need to be ready. Good solution is to have your own function like filter_string_for_query which will normalize incoming utf string, convert html code into html entities, escape quotes, and try to detect some kinds of "unsecure" words like UNION DROP DELETE in text and strip or modify them (by adding space, for example: DROP TABLE users is not a D ROP TABLE user ...) etc.

 

Also, you need to clean from database a sequences of slashes before, because they are still exists...

Comment written by alrusdi on May 28, 2009 @ 16:06

"mark as unread" :

yes, good idea!

Comment written by vincent on Feb 24, 2009 @ 17:14

I think that "mark as unread" option would be very interesting for e-mails.

Comment written by lg333 on Feb 24, 2009 @ 16:26

vincent Thank you for paying attention to my post.
I'll PM you about 1-st tip

> people have to use the polyglot website
it' s not comfortable (for me at least). But this information still published in my post, and it is probably just enough

> Yeah i have to work on the "magic quote", i have not fully figured out yet
I see the same problem in PM posting and other texts from database. I suggest it happens because "php_magic_quotes" is swithed on in php.ini and additionaly php code itself uses someting like addslashes() or mysql_real_escape() before storing text in database. As results we have population of Evil Slashes is growing up)

Also... Something wrong with options which allows to become VIP user. Site says how I can to become VIP:
1) Invite 5 or more friends to this site
2) Post some language learning videos
3) Join to the Translation Team
4) Pay money

I have joined to the Translation Team, but still not VIP user)) What I do wrong?

Comment written by alrusdi on Feb 23, 2009 @ 09:37

Hi,
Thanks for the tips : see answers below

1. Strongely need to add an ability to ignore an PM messages from some countries...
why ?

2. Translate all basic UI elements in Russian (why something like 'Logout', 'Links', 'Events'... has acceptable translations in Translation Team interface but still not aprooved?)
translation still in process, Russian admin has to accept it (he needs time for it)

3. Place somewhere information of how to connect into Chat Room from external IRC client (user must use #polyglot channel on irc.mibbit.com)
people have to use the polyglot website

4. Alow user to search peoples which are currently logged in on site
ok,

5. Place somewhere an info how much votes need to aproove an translated string in Translation Team interfeace
here is the rule : if language is accepted, item appear if more votes, or more recent
when admin approves one item votes are set to 999

6. Need to replace overslashing on string containing an single quote character. For now Events-> Tyumen' Events menu record seems like ' Events-> Tyumen\' < --- here realy seven slashes (forum message form just strips some)
Yeah i have to work on the "magic quote", i have not fully figured out yet

Comment written by vincent on Feb 23, 2009 @ 00:07

The fourth tip is really interesting.

Comment written by lg333 on Feb 22, 2009 @ 23:13