

Show HN: My first webapp. Yikes! Read and Post Stories anonymously - samjc
http://www.sam-the-man.com/yikes

======
devgutt
_This Project is here to help me learn PHP & MySQL_

If this is a project to learn PHP and MySQL (and maybe Javascript) you should
not build it using bootstrap (you'd lose all the fun ;). But this is only my
opinion.

~~~
samjc
How is bootstrap holding back when it comes to PHP and MySQL? JS, sure, I can
understand, since most of it is just using their API, but how is it holding me
back when it comes to PHP and MySQL?

~~~
devgutt
Because it is not necessary to learn PHP/MySQL. And if you add JS, even worse,
don't use bootstrap at all. Don't use any PHP framework too at this stage.

~~~
joshschreuder
It's a framework that makes things look decent enough by default though.

If your goal is to learn something other than web design (eg. PHP / MySQL),
then surely you want something that can do things well in that department by
default so you don't have to mess around with it too much?

~~~
samjc
That was my intention: Learning the practical side of PHP and MySQL, without
having to deal with too much design and markup. At the same time I didn't want
my project to look like a POS, which is the main reason I used Bootstrap.

------
berodam
The color of the large top banner is killing my eyes but otherwise it seems to
work as intended. Did you seed the stories yourself or did you get some actual
users to write them?

~~~
samjc
It's killing your eyes because it's too damn ugly or because it's too bright?
The stories are all from actual users. Family, friends, friends of friends,
etc.

------
samjc
I made this to get into php and mysql. Constructive Criticism, and suggestions
are welcome and appreciated :).

~~~
joshschreuder
Probably needs a Recaptcha or similar (<http://www.google.com/recaptcha>) on
the form to slow down those pesky webspammers a bit. Maybe think about
nofollowing (<http://en.wikipedia.org/wiki/Nofollow>) any links in the story
too, so you don't get used as SEO juice. My link didn't work out too well
either (changed to <http://www.sam-the-man.com/yikes/www.google.com>)

Also, make sure to filter your user input to avoid XSS attacks. I just posted
a story and your page will print HTML and JS verbatim, meaning I could do
malicious things. See here:
<https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)>

Apart from that, looks pretty good, well done :)

~~~
samjc
Thank you very much. I was hoping that the mysql_real_escape_string() function
would be enough, but it did seem too easy.

I will definitely look further into it! Thanks again

~~~
joshschreuder
I'm not a PHP / MySQL guy, but this might help:
<http://stackoverflow.com/a/110576>
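
The point raised in this exchange, as an added example that is not from the thread or the site's code: SQL escaping or a prepared statement protects the query, while XSS is stopped by encoding at output time, and the same render step can fix scheme-less links and add nofollow. The function names, table layout and sample submission are constructed, and it assumes PDO with in-memory SQLite so it runs without a MySQL server.

```php
<?php
// Added example; names, schema and sample data are constructed.
// Assumes the pdo_sqlite extension (stand-in for the site's MySQL database).

// Encode a value for an HTML text or quoted-attribute context.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Return an absolute http(s) URL, or null if the input is not acceptable.
function safe_url(string $raw): ?string {
    $raw = trim($raw);
    // "www.google.com" has no scheme and would render as a relative link.
    if (!preg_match('~^[a-z][a-z0-9+.-]*:~i', $raw)) {
        $raw = 'http://' . $raw;
    }
    // Fail closed: anything that is not plain http/https with a host is dropped.
    $scheme = strtolower((string) parse_url($raw, PHP_URL_SCHEME));
    $host = parse_url($raw, PHP_URL_HOST);
    if (!in_array($scheme, ['http', 'https'], true) || !$host) {
        return null;
    }
    return $raw;
}

function render_story(string $body, ?string $link): string {
    $html = '<p>' . nl2br(h($body)) . '</p>';
    $url = $link === null ? null : safe_url($link);
    if ($url !== null) {
        $html .= '<a href="' . h($url) . '" rel="nofollow">' . h($url) . '</a>';
    }
    return $html;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE stories (body TEXT, link TEXT)');

// Constructed submission: markup in the body, a quote, and a scheme-less link.
$ins = $db->prepare('INSERT INTO stories (body, link) VALUES (?, ?)');
$ins->execute(['<script>alert(1)</script> It\'s true', 'www.google.com']);

$row = $db->query('SELECT body, link FROM stories')->fetch(PDO::FETCH_ASSOC);

// The database layer stores the markup unchanged; only render_story() encodes it.
echo "stored:   ", $row['body'], "\n";
echo "rendered: ", render_story($row['body'], $row['link']), "\n";
```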

