#1
www.chitlist.com Contractor Consulting
I developed my first member/comment database-driven site at www.chitlist.com. Comments and critiques greatly appreciated!
I also invite you to join the member section and check out some of the techniques I used for the PHP/SQL etc. This is my first 'commercial' development relying heavily on my code. If you do register but do not intend to use the member section in the future for purposes of the site, sign up as void1, or void2, void3, etc. so that I know which users can be deleted. The first 100 members are free, $95/yr after that. If someone wants to view the site to critique after the first 100 users, feel free to contact me. I appreciate any and all comments!
#2
There are cross-site scripting vulnerabilities on your site by not escaping the data before you redisplay it in text boxes. Try logging in with a username of asdf">'><img> for example.
Other than that, the layout seems fine. I didn't have any issues navigating the site. I don't like that you choose the width of the site for me. Size is determined by the user, not the designer. Oh yeah, chitlist sounds like sh*tlist to me.
---John Holmes...
#3
Text is best as plain text. Using a background image with text is one of the worst possible ways to display text.
If the images aren't displayed there is no way for me to get the text. A site should always work whether or not the images are displayed. Secondly, your layout breaks totally if one changes the font size; never try to "force" a set font size. (A user can always change the font size.) So I agree with Sep on that point.
#4
Both of these replies are exactly what I was looking for. I needed someone other than a typical user to test my site and tell me the vulnerabilities. I appreciate both replies. With regards to the reply from John Holmes... how would I go about 'escaping the data' before I redisplay it in text boxes? I was completely unaware of this vulnerability. For the site width problem... do you mean setting the site width to a percentage instead of a pixel width? Reply to AKH's reply... what would your suggestion be as to how to duplicate the look I am going for without using an image behind text? Table BG color? CSS? Also not sure how I would go about fixing that. With regards to the font size, I am using CSS to determine that in places; however, I have determined the font size in the font tag. Thanks for the replies, keep 'em comin'. Also, chitlist was the client's idea... that's what he wanted, so that's what he got.
#5
Wow... I just saw how your whole site is laid over a background image... horrible. You can recreate all of that text using CSS to control the size, color and alignment. There's no need for that image.
As for the vulnerabilities, run the text through htmlentities() before you put it back in the text box. Assuming $_POST['username'] came from the user and you want to redisplay it back in the text box... PHP Code:
---John Holmes...
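The fix described in the reply above, written out as an added example (this is not the poster's code and not the chitlist.com code): the same username field is rendered once without escaping and once through htmlentities(). The form field name `username` and the sample input are assumptions; the sample input is the probe value quoted earlier in this thread, used here only to show what the escaping has to handle. Note that the escaping uses ENT_QUOTES so that single quotes are converted too, since the default flags in older PHP releases leave them alone, and passes an explicit charset.

```php
<?php
// Added example, not code from the original thread.
// Shows why the raw value must not go back into value="..." and what
// htmlentities() does to it.

// Constructed sample input: the probe value suggested earlier in the thread.
$sampleInput = 'asdf">\'><img>';

// Vulnerable version: the submitted text closes the value attribute and the
// tag, so whatever follows is parsed as markup instead of a field value.
function render_username_unsafe(string $username): string
{
    return '<input type="text" name="username" value="' . $username . '">';
}

// Escape helper: <, >, & and both kinds of quote become entities, so the
// browser keeps the whole string inside the attribute. ENT_QUOTES covers the
// single quote; 'UTF-8' states the charset instead of relying on the default.
function esc(string $value): string
{
    return htmlentities($value, ENT_QUOTES, 'UTF-8');
}

// Hardened version: identical markup, escaped value.
function render_username_safe(string $username): string
{
    return '<input type="text" name="username" value="' . esc($username) . '">';
}

// In the real form this would come from $_POST['username'] (assumed field
// name); fall back to the constructed sample so the script runs from the CLI.
$username = $_POST['username'] ?? $sampleInput;

echo "Unsafe: " . render_username_unsafe($username) . "\n";
echo "Safe:   " . render_username_safe($username) . "\n";
```

Run it from the command line with `php` and compare the two lines: in the unsafe output the input field ends after `asdf` and an `<img>` tag follows it; in the safe output the entire string is still the field's value. The same esc() call belongs on every place a submitted value is written into HTML, not only text boxes.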