Whilst this is a great start, there are a few things that I'd like to bring to your attention.
Starting off with db.config.php:
Line 30, you use the @, which is designed for error message suppression. In an ideal world, there should be no use for this whatsoever, as it just hides an underlying error which should not have been presented in the first place. Understandably, there will be an error with incorrect information in the beginning variables. Once changed to the correct information, this error will be solved.
Line 15, you're returning a blank string, which would add extra stress with validating the response. Currently, I'd validate:
if (empty(mssql_escape_string($data))) { ... }
Whereas you'd ideally want to return false. So, you can validate as:
if (mssql_escape_string($data) !== false){ ... }
Which is a lot cleaner and easy to validate.
Now onto IP.php:
Line 50, you'd always be presented with an undefined index as there has been no button/submit on the form. You'd want to wrap it with an isset(); to mask the error. Alternatively, you could:
<form action="ValidateIP.php" method="POST">
and work with the post variables on a separate page, keeping your HTML/PHP as separate as possible. It'll be better practice to use.
You'd also want to implement a custom error handler to catch errors & save them to a new file such as error.txt or error.html for the administration view, and turn off displaying errors. So in the event that there is an error present, the user will not see the issue, and with the handler you can nicely present the user with an error page and silently report the error for the developers' viewing.
banusersystem1.php:
Terrible file name choice; you'd want to avoid numbers in the URL as best you can by default. And the same problem as mentioned before: no isset() wrapped around your first if statement.
But nonetheless, if this is your first actual development you've felt comfortable releasing, you've done a good job for someone who is still in the infancy of PHP development. You've got a long way to go, but you'd definitely get there.
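The custom error handler and the isset() check suggested in the reply above, as an added example that is not part of the original post or of the reviewed project. The log path constant, the helper names and the `ip` form field are assumptions made for illustration.

```php
<?php
// Added example. ERROR_LOG_FILE, log_line(), show_error_page() and the
// 'ip' field are hypothetical names, not taken from the reviewed code.
const ERROR_LOG_FILE = __DIR__ . '/error.txt'; // assumed path; keep it outside the web root

ini_set('display_errors', '0'); // visitors never see raw PHP errors
error_reporting(E_ALL);         // the handlers below still receive everything

function log_line(string $kind, string $message, string $file, int $line): void
{
    // Strip CR/LF so request-influenced text cannot forge extra log entries.
    $message = str_replace(["\r", "\n"], ' ', $message);
    $entry = sprintf("[%s] %s: %s in %s:%d\n", date('c'), $kind, $message, $file, $line);
    error_log($entry, 3, ERROR_LOG_FILE); // message type 3 appends to a file
}

function show_error_page(): void
{
    if (!headers_sent()) {
        http_response_code(500);
    }
    echo 'Something went wrong. The problem has been reported.';
}

// Warnings and notices: log silently and let the page continue.
set_error_handler(function (int $errno, string $errstr, string $errfile, int $errline): bool {
    if (!(error_reporting() & $errno)) {
        return false; // level not enabled: fall through to PHP's default handling
    }
    log_line('PHP error ' . $errno, $errstr, $errfile, $errline);
    return true;
});

// Uncaught exceptions: log the detail, show only a generic page.
set_exception_handler(function (Throwable $e): void {
    log_line(get_class($e), $e->getMessage(), $e->getFile(), $e->getLine());
    show_error_page();
});

// Fatal errors bypass set_error_handler, so pick them up at shutdown.
register_shutdown_function(function (): void {
    $err = error_get_last();
    if ($err !== null && ($err['type'] & (E_ERROR | E_PARSE | E_CORE_ERROR | E_COMPILE_ERROR))) {
        log_line('Fatal', $err['message'], $err['file'], $err['line']);
        show_error_page();
    }
});

// Read the form value without triggering an undefined index notice,
// then validate it before it reaches any query.
$ip = (isset($_POST['ip']) && is_string($_POST['ip'])) ? $_POST['ip'] : null;
$ipIsValid = $ip !== null && filter_var($ip, FILTER_VALIDATE_IP) !== false;
```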