Poorly written code hurts my soul...

I can make a fully secure upload in under 50 lines, the method it was using was just plain inefficient. Trust me, I know about upload security.

Well, whys it matter what the code looks like if it displays the exact same way? Or better yet, even if it's written sloppy and it reads the exact same and perfect in every other browser, whys it matter? When I go to a website, i read their content/text and their website structure / design. I don't right click and go hmm let's look at the HTML / PHP source just for the hell of it...

It was slow and took its toll on the servers use. Plus it was impossible to make expansions on, I had to rewrite the entire site.

Edit: Not impossible, just far harder them rebuilding it from the grounds up.

I can write a fully secure upload script in one line of code. Sure, it'd be a long line.

P.S. How on earth is it possible to claim "fully secure upload" just from PHP code? (though this topic probably isn't the place for that discussion)

Nothing is completely totally absolutely secure, I take that as given when I say fully secure.

But if you want to have a go, I made www.imagewasp.com

^ i just clicked upload without choosing a file, and it just displyaed a white page lol. cmon put a "please select a file" error in
haha

Originally Posted by masfenix ^ i just clicked upload without choosing a file, and it just displyaed a white page lol. cmon put a "please select a file" error in haha

Yeah, we all see who's laughing now.... That makes it so damn insecure, I may as well find a new profession.

Btw. It does kill the application if there is no file posted.

Originally Posted by Village Idiot Nothing is completely totally absolutely secure, I take that as given when I say fully secure. But if you want to have a go, I made www.imagewasp.com

If you hit login as soon as the site loads I get logged in as somebody called Adam.

Surely that's not a good thing?

http://quickimg.com/uploads/6217c469...ca60fdd73c.jpg

Originally Posted by LJR If you hit login as soon as the site loads I get logged in as somebody called Adam. Surely that's not a good thing? http://quickimg.com/uploads/6217c469...ca60fdd73c.jpg

That is not an error, someone is registered under the username Username and the password candyman. That is a default stuff that seb put in, not I. If you login with empty (not the default) fields, it will give you an error.

It may not be insecure, but it does result in bad usability having a blank page. Even that improved code you pasted, patrickPaul, I couldn't work with pages and pages full of that - but I have done in the past.

Allman style indentation and variable prefixes to denote data types all the way, I wouldn't use capitalised items for my array keys, either. I'd also name the function something less ambiguous than title(), I mean, there's no way you can tell what the function is doing unless you read its contents. I would do something like: