Previous Messages
Posted By

George
on 2018-01-20
21:06:36
 Re: Suggestions/Wishes for Game-Database Search

OK, since I am not a web developer and security specialist, I have to say you are right.
Couldn't this possible threat be avoided if you parse and check the input string for the existence of a keyword combination:
Deny if the string contains more than one word and a special keyword like SELECT, FROM, WHERE, INSERT, UPDATE, DELETE.

Posted By

siz
on 2018-01-20
12:36:00
 Re: Suggestions/Wishes for Game-Database Search

"The Query would be dynamically expanded with a ' WHERE ... AND Distributon LIKE %'+ Edit.Value +'% ' Clause, if the Edit field has a value."

I hope you don't want to do that. That's exactly the place for an SQL injection attack.

Unfortunately, these days you have to take security measures, which make development a lot longer and tougher.
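
The dynamic filter quoted above and the keyword check proposed in the reply to it, as an added example that is not part of any post in this thread: the same optional `AND ... LIKE` clauses built by string concatenation and then with bound parameters. The `software` table, its columns and rows, and the function names are assumptions constructed for illustration, using Python's `sqlite3`.

```python
import sqlite3

def make_db():
    # Constructed sample data; schema and rows are assumptions, not the site's.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE software (title TEXT, distribution TEXT, medium TEXT)")
    db.executemany("INSERT INTO software VALUES (?, ?, ?)", [
        ("Alpha Quest", "Commercial", "Cartridge"),
        ("Beta Racer", "Commercial", "Tape"),
        ("Gamma Demo", "Freeware", "Disk"),
        ("Select Start", "Freeware", "Tape"),
    ])
    return db

def search_concat(db, distribution):
    # The pattern quoted in the thread: field text spliced into the SQL string,
    # so a quote character in the field ends the literal and becomes SQL.
    sql = "SELECT title FROM software WHERE 1=1"
    if distribution:
        sql += " AND distribution LIKE '%" + distribution + "%'"
    return [row[0] for row in db.execute(sql + " ORDER BY title")]

def like_pattern(text):
    # Escape LIKE wildcards so the user's text is matched literally.
    for ch in ("\\", "%", "_"):
        text = text.replace(ch, "\\" + ch)
    return "%" + text + "%"

ALLOWED = ("title", "distribution", "medium")  # columns the form may filter on

def search_bound(db, **filters):
    # Still dynamic: one AND clause per filled-in field. Only fixed SQL text
    # and allow-listed column names are concatenated; values are bound.
    clauses, params = [], []
    for column, value in filters.items():
        if column not in ALLOWED:
            raise ValueError("unknown filter: " + column)
        if value:
            clauses.append(column + " LIKE ? ESCAPE '\\'")
            params.append(like_pattern(value))
    sql = "SELECT title FROM software"
    if clauses:
        sql += " WHERE " + " AND ".join(clauses)
    return [row[0] for row in db.execute(sql + " ORDER BY title", params)]
```

With bound values no keyword check is needed: a legitimate search such as the constructed title "Select Start", which a two-words-plus-keyword rule would reject, is simply matched as data.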

Posted By

George
on 2018-01-20
10:31:10
 Re: Suggestions/Wishes for Game-Database Search

Hi Csabo,

I understand what you mean. If it's too much effort for you, it doesn't make sense, of course.

The idea behind all of this:
Collectors want to explore what is missing in their collection.
Examples:
* Which and how many commercial carts exist
* Which and how many commercial floppies exist
* Which and how many commercial tapes exist

Category: Games, Office Application, etc.

It would be nice to run a search where, as a result, a list of covers, a photo of the cart, floppy, tape with the basic information appears, because the package and the storage medium are more interesting than the software itself. Collectors are interested in the physical things.

I work every day with dynamic SQL queries.
A simple way would be to place an edit field for the most important data fields (like Distribution) in the main search form, where you can write a string in it. Example for the data field 'Distribution': the user would write "Commercial" in it. The Query would be dynamically expanded with a ' WHERE ... AND Distributon LIKE %'+ Edit.Value +'% ' Clause, if the Edit field has a value.

This way, over time, you can add more and more dynamic 'AND/OR' clauses to your main search for the software.

Posted By

Csabo
on 2018-01-20
08:10:13
 Re: Suggestions/Wishes for Game-Database Search

I've toyed with the idea of adding an "advanced search" feature to the site, but:
- the effort would be pretty high
- the demand is pretty low
- I simply can't conceive of a user interface good enough that would cover all the possibilities (e.g. multiple AND/OR clauses)

There are some similar things though, e.g. under Software / Category, you can click "All" and then sort by Distribution. The Top List has an option for Commercial Games only. The "cartridge" question came up once before, here's the response: http://plus4world.powweb.com/forum/32943/-/cartridge

Where does that leave us? Let me know what you want to do very specifically, and I'll either run a query for you, or try to build that option into the site.

Posted By

George
on 2018-01-19
16:04:21
 Suggestions/Wishes for Game-Database Search

Hi,

I have a wish/suggestion:

It would be nice if some filters for the Game-Database search could be added, if possible:
* Commercial/not commercial
* Cartridge/Disk/Tape/file

This would help some of the collectors and historians. Or is there already a way to get the information?

Maybe you also have a web service connected to your database. I could write my own application then.


Copyright © Plus/4 World Team, 2001-2024