JeevesBond posted this at 03:52 — 13th July 2010.
He has: 3,956 posts
Joined: Jun 2002
Well it certainly seems to work well. It's quite Youtube-ish in fact, minus the per-comment reply option.
On the security side of things, I tried some stuff to get past the validation but notice you're properly escaping HTML, checking for the user's e-mail address and comment length on the server-side, also glad to see everything with a side-effect is done by POST. Good stuff.
My only criticisms are: Firstly, the smiley conversion done in the Javascript file, makes it a little harder to manage the list of smileys. You could either use some inline PHP-generated Javascript for the list of replacements or return the comment in the AJAX response from the server (instead of just the comment id). Secondly, the indentation in the Javascript file looks messed-up, try opening it in a few editors or Chrome's Javascript debugger to see what I mean. Thirdly, there are several functions inside $(document).ready(), they don't need to be there, also your code will be easier to read if they weren't. Fourthly, naming your file jQuery.js is confusing and could cause filename collisions.
Finally, who is it for? Most comment systems are parts of a larger whole, like a CMS, blog or forum. Is this something you plan to include in a larger system or just something you did for fun?
a Padded Cell our articles site!
shaunno2009 posted this at 02:01 — 15th July 2010.
They have: 8 posts
Joined: Jul 2010
Comment Removed
pr0gr4mm3r posted this at 01:32 — 15th July 2010.
He has: 1,502 posts
Joined: Sep 2006
Pretty cool. It requires Javascript to be enabled, so that may cause an issue with the paranoid surfers that use plugins like Noscript.
I noticed that there is a function in there called deleteCommentFunction() and has the code to form the post to deleteComment.php. I didn't try it, but I hope it doesn't blindly take post data to that script and delete comments w/o any credentials. I would hide that code and have a separate private page for administering comments.
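The concern raised in the post above, as an added example that is not part of the thread and not the project's own code: a deleteComment.php that decides who may delete on the server instead of trusting the POST body. The session keys, the comment_id and csrf_token field names, the comments table layout and the SQLite DSN are all assumptions made for illustration.

```php
<?php
// Hypothetical hardened deleteComment.php (added illustration).
// Assumed names: $_SESSION['user_id'], $_SESSION['is_admin'],
// $_SESSION['csrf_token'], table comments(id, author_id).
declare(strict_types=1);
session_start();

function deny(int $status, string $reason): void
{
    http_response_code($status);
    header('Content-Type: application/json');
    echo json_encode(['ok' => false, 'error' => $reason]);
    exit;
}

// 1. Side effects only via POST.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    header('Allow: POST');
    deny(405, 'POST required');
}
// 2. Identity comes from the server-side session, never from posted fields.
if (empty($_SESSION['user_id'])) {
    deny(401, 'not logged in');
}
// 3. Reject forged cross-site requests: compare the per-session token in constant time.
$sent  = $_POST['csrf_token'] ?? '';
$known = (string) ($_SESSION['csrf_token'] ?? '');
if (!is_string($sent) || $known === '' || !hash_equals($known, $sent)) {
    deny(403, 'bad CSRF token');
}
// 4. The comment id must be a positive integer.
$id = filter_input(INPUT_POST, 'comment_id', FILTER_VALIDATE_INT,
                   ['options' => ['min_range' => 1]]);
if ($id === null || $id === false) {
    deny(400, 'bad comment id');
}
// 5. Authorization is part of the query: non-admins can only delete their own rows.
$pdo = new PDO('sqlite:' . __DIR__ . '/comments.db'); // placeholder DSN
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$isAdmin = !empty($_SESSION['is_admin']);
$sql = 'DELETE FROM comments WHERE id = :id' . ($isAdmin ? '' : ' AND author_id = :uid');
$params = [':id' => $id] + ($isAdmin ? [] : [':uid' => $_SESSION['user_id']]);
$stmt = $pdo->prepare($sql);
$stmt->execute($params);
if ($stmt->rowCount() === 0) {
    deny(404, 'no such comment, or not yours to delete');
}
header('Content-Type: application/json');
echo json_encode(['ok' => true, 'deleted' => $id]);
```

With checks like these in place, the client-side deleteCommentFunction() being visible in the page source is harmless, because the script refuses any request the session is not entitled to make.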
shaunno2009 posted this at 11:09 — 3rd April 2021.
They have: 8 posts
Joined: Jul 2010
Comment Removed
SEO Company posted this at 05:14 — 6th August 2011.
They have: 59 posts
Joined: Aug 2011
I checked your link but it's not working properly. Can you give me more details about it?