# Episode Guide Script



## Dustin Cook (Dec 26, 2003)

Hello.

I run a Star Trek web site and I am looking for an episode guide PHP script to use.

The Original Series
Season 1, Season 2, Season 3.

The Next Generation
Season 1, Season 2, Season 3, Season 4, Season 5, Season 6, Season 7.

Deep Space Nine
Season 1, Season 2, Season 3, Season 4, Season 5, Season 6, Season 7.

Voyager
Season 1, Season 2, Season 3, Season 4, Season 5, Season 6, Season 7.

Enterprise
Season 1, Season 2, Season 3, Season 4

Above are the categories I would like them organised into.

This is the names of the fields for each episode:

Episode Name
Production Number
Episode Category (picked from the above list)
UK Air date
US Air date
Description (from StarTrek.com)
Main Cast
Support Cast
Creative Cast

Could anyone possibily do this as a favour for me? For *free*? Full credit and any added copyright notices that you wish to put on the script will be kept in tact.

Many thanks.


----------



## Rockn (Jul 29, 2001)

Do you have your database set up to hold the content?


----------



## Dustin Cook (Dec 26, 2003)

Yep, a mySQL database.


----------



## Rockn (Jul 29, 2001)

Have all of the fields been added that will hold the content? If so it shouldn't be too hard to write the page.


----------



## Dustin Cook (Dec 26, 2003)

I have some of the script online that a friend designed for me, but he is having trouble fixing the script. Would you like to see the source coding?


----------



## Rockn (Jul 29, 2001)

I am not that good at PHP, but I bet Brendan could whip it into shape in a few minutes.


----------



## Dustin Cook (Dec 26, 2003)

Where is Brendan? and would he be willing to help?


----------



## Sequal7 (Apr 15, 2001)

Post your original code so that we can have a look at it and see if a tweak is best, or redesign required.


----------



## Rockn (Jul 29, 2001)

Kind or hard to test without a database unless you could export the required table or tables to test it out.


----------



## Sequal7 (Apr 15, 2001)

No need to test it, need to look at the code and see that everything is correctly formatted. (tables would be easily constructed anyhow, its the connection that I am interested in)


----------



## Dustin Cook (Dec 26, 2003)

I have sent you both PMs with the files contents.


----------



## Rockn (Jul 29, 2001)

Sequal7 said:


> No need to test it, need to look at the code and see that everything is correctly formatted. (tables would be easily constructed anyhow, its the connection that I am interested in)


Yes there is a need to test it. Looking at plain PHP and table coding isn't going to give you an idea of what the final product will look like unless you actually have content.


----------



## Sequal7 (Apr 15, 2001)

Rockn said:


> Looking at plain PHP and table coding isn't going to give you an idea of what the final product will look like unless you actually have content.


Rokn...Are you kidding me, looking the database connections script will tell me a great deal about what he is trying to obtain in the script. 
He has given me more than enough to simply create a script, but I am interested in the code he has, as it maybe easier to fix. 
The "content" (I assume you mean the layout) is somewhat described in his original post, I am not concerned in his siteslayoutnor integration, thatis easy.

I must ask, why get involved in something you obviously have little understanding in, none of your posts have helped this guy out.


----------



## Sequal7 (Apr 15, 2001)

Your script is completed, I have fixed the errors you had, and you can now add what you wanted to the database.


----------



## brendandonhu (Jul 8, 2002)

Its printing some PHP code into login.php


> <? if ($checkerror == "1") {
> echo "
> 
> Error! Wrong username or password
> ...


And the username and password fields have the same value for "name"


----------



## Sequal7 (Apr 15, 2001)

Thanks, I'm workin on it, didnt write the script, only repairing it


----------



## brendandonhu (Jul 8, 2002)

It seems to be running user input directly into the mysql statement as well. I can tell that the names of the columns in the table epiguide are MainCast, CreativeCast, episodeID, etc, and can execute MySQL functions on the server like this: episode.php?episodeID=ABS(-6)


----------



## Rockn (Jul 29, 2001)

SQL injection not good!!


----------



## brendandonhu (Jul 8, 2002)

There's also cross site scripting which would be a problem if anything important is stored in cookies.


----------



## Sequal7 (Apr 15, 2001)

What are the remaining fileds?
What is returned with episode.php?episodeID=ABS(-6)
Nothing stored of importance in the cookies that I can see

Heres a good idea, perhaps brendandonhu you should reconstuct this guys script so it conforms your standards? 
I dont have the time to re-create his script, nor did I emply that I would; as I said, I didnt write it, I am only fixing the connection errors he asked for.

Anything else?


----------



## brendandonhu (Jul 8, 2002)

You can leave the insecure script on your server if you like, just thought you might want to know that your site is wide open to SQL injection attacks.


----------



## Dustin Cook (Dec 26, 2003)

Thanks for all your help! Where can I download the replacement files?


----------



## Dustin Cook (Dec 26, 2003)

Hello.

Just an update on this. Unfortunately, I never got the script repaired.

I was wondering if any of you knew of place were you can get a similar woking script, or maybe would be willing to code a script for me? (I would need to know costs, etc)

Thanks.


----------



## Sequal7 (Apr 15, 2001)

What is wrong with the original script? I can modify it for you again.

Funny, it seemed to work fine on my server, you even tested it out and put data into the script.


----------

