# Reviews Site Update



## Michael Morris (Jan 29, 2005)

Hello folks.  I'm going to take a break from 4 days of nearyly non-stop coding to let you see a screenshot for assurance that something is being done about the reviews site and the apparent collapse of its code brought on by the server move.

When the reviews site goes back up it will be integrated into the boards.  You'll use the same log in to post reviews and comments there as you do here - further reviews and comments made there will pad your post count - and I fully expect Crothian to gain 1000+ posts when I perform the merge.

The new site will also use the same post index which means that searches done on the boards will also turn up relevant reviews and products unless you filter them out (and you can choose to search them specifically as well).

To date I have a fully working import script.  The script will attempt to match your user name against your reviews user name - but if it fails to get a match a new autoposter will get credit for the post.  HOWEVER, I am bringing the old user names and I will at some point build a feature that will allow the admins to find the posts of your old account based on user name.

The screenshot below is still very early alpha code, so it's got glitches (the avg score for instance is missing). However, I hope you find it encouraging and I hope to have something up as soon as humanly possible. The launch version will be very minimalist though so that reviews posting and reading can resume - I'll add additional functionality soon after release.


----------



## Trencher (Jan 29, 2005)

Looks good!


----------



## Starman (Jan 29, 2005)

Thanks for the update. I'm looking forward to getting the reviews section back. 

Starman


----------



## CarlZog (Feb 2, 2005)

*Yay! Reviews are back!*

And just in the nick of time!

I was about to give up and buy some stuff this week without the benefit of my trusted Enworld Reviews. Turns out I was precariously close to making what would have been some REALLY BAD purchasing decisions!


----------



## Crothian (Feb 2, 2005)

don';t forget you can always post a thread asking for opinions on certain books or topics.  Like if you knew you wanted a book on dwarves, you can ask what books are out there on them and what people think of them.  And I'm glad you enjoy the reviews!!


----------



## Morrus (Feb 2, 2005)

I just got an email from Blacksway who says the reviews site should be fully working again now.  Yay!


----------



## Michael Morris (Feb 2, 2005)

Good.  That takes the pressure to rush the merger code off me.  I'm still working on it - but now I can do so at my leisure.


----------



## Crothian (Feb 2, 2005)

I just successfully posted a review, thanks!!


----------



## Crothian (Feb 2, 2005)

the review site is moving pretty slow..for that matter EN World itself has seemed to really slow down for me.....


----------



## Ankh-Morpork Guard (Feb 2, 2005)

Crothian said:
			
		

> the review site is moving pretty slow..for that matter EN World itself has seemed to really slow down for me.....



 Usual speed for me. Fast.


----------



## GlassJaw (Feb 3, 2005)

I've been trying to post a review but I keep getting this error message:



> SQL Error:
> INSERT INTO Reviews (Product, ReviewBy, Date, Time, Review, Score) VALUES ('TE1K', 'Glassjaw', '2005-02-02', '00-00-00 20:02'
> 
> You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax


----------



## Crothian (Feb 3, 2005)

I was just able to post a review.  So, you may want to try again.....?


----------



## JoeGKushner (Feb 3, 2005)

Trying to put in the Book of Iron Might into the database so I can review it and getting...

Duplicate entry '' for key 2

When going to add it.


----------



## JoeGKushner (Feb 3, 2005)

and just tried to add Mystic Secrets for Arcane Unearthed product line and got same error.


----------



## GlassJaw (Feb 3, 2005)

> you may want to try again




I tried a couple more times and got the same thing.   :\

Update: I'm using IE 6.0.  I copied my review from Notepad.


----------



## Khur (Feb 3, 2005)

I get the same error as GlassJaw:

You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 're used to in _Mutants & Masterminds_ books. Even the cove:1064

I am using Firefox as my browser, in case this makes a difference.


----------



## JoeGKushner (Feb 3, 2005)

And just tried to add Strange Tribes to datase and got the Duplicate entry '' for key 2 error again.

If anyone else wants to try and add those to the database, let me know if you get the same errors.


----------



## Crothian (Feb 3, 2005)

I got the same error as joe when I tried to ad trhings yesterday

and when I tried to post a comment I got the error the others are getting when they try to post reviews.


----------



## blizack (Feb 3, 2005)

I am also getting the SQL error message when I try to post my review for the Castles & Crusades Players Handbook. Help!


----------



## John Cooper (Feb 3, 2005)

I'm also getting the SQL error when I try posting a review.  This has been going on for several days now, with the same result each time.


----------



## TheAuldGrump (Feb 4, 2005)

SQL Error, both Firefox and IE. Pasted from Notepad.

I am strangely heartened to see that it is not just me... I guess that it is true that misery loves company.

The Auld Grump


----------



## HellHound (Feb 4, 2005)

According to one reviewer, the SQL error happens if you include an appostraphe in the review.

Try reposting them without the appostraphes.


----------



## Khur (Feb 5, 2005)

Actually, the curly apostrophe (as auto-formatted by Word, for example), works just fine. It doesn't give the SQL error. My review on Erzsak's Drake Riders is full of 'em. So, if you're changing your apostrophe's to straight ones for posting the review, them's the problem. In other words, "* ' *" doesn't work, but "* ’ *" does.


----------



## GlassJaw (Feb 5, 2005)

> the curly apostrophe (as auto-formatted by Word, for example), works just fine. It doesn't give the SQL error.




Interesting because Word formatting didn't work before.


----------



## Michael Morris (Feb 5, 2005)

I've noted this error and must shut the reviews site down until it is corrected since it can be exploited to destroy data in the database.


----------



## Crothian (Feb 5, 2005)

is that why I'm getting "Error executing query -" now?


----------



## Michael Morris (Feb 5, 2005)

Yes.  Permissions are denied to the reviews database by mysql itself.  I'm downloading the code now.


----------



## Crothian (Feb 5, 2005)

That's cool, I was just ciurious.  Thanks Michael.


----------



## Michael Morris (Feb 6, 2005)

*Newest Update*

Well, I'm closing in on completing a number of points on the new code base.  Run down of the features that are working right now on my test bed.

IMPORTER.
This is the critical part, though ironically this bit of code runs only 1 time on the live server - when it's used to import the old database.  So far it takes all the data and transfers it over and during the transfer it does some necessary housekeeping such as establing true table relationships (the old database, despite being on MySQL, does not adhere to proper relational database forms by a LONG shot).  It also translates most all the reviews boards codes into their vbulletin equivalents.  It will attempt to match a user's name to the vbulletin membership.  Fail or no, it keeps the old username on file and the system displays that as necessary on the old posts. This will also allow me to write an admin tool that will assign reviews posts to a new user.

TRUE INDEXED SEARCHING
I've ran this through it's paces, and it works just as well on the boards (no surprising - the same engine is used).  This means after the transfer searches will turn up reviews as well as other posts unless you specify a forum.

GREATER SECURITY, HIGHER ROBUSTNESS
Since the system will employee the exact same engine as vbulletin it will have the advantage of tighter security controls.  Also, both the standard and the WYSIWYG editors will be available for the composing of reviews. Finally, the whole thing won't throw a fit if you use an apostrophe.

PAGINATED VIEWING
As with forums, large pages will be broken down into pages.  At the moment the publisher list has this feature - other lists will follow.

FASTER
Using WinMySQL admin I've clocked the query times for pages both in the old and the new reviews systems.  On average the queries of the new system take half as long to complete and there are fewer of them.  This will help maintain server performance.


I'm trying to get this out the door as soon as I can guys, but I want to make sure it works before cutting you lose on it.  Hopefully Blacksway can fix the SQL injection vulnerability in the old code so that it can be turned back on.  He's more familiar with that code and knows where to look to make the changes.  In the meanwhile I'll apply my time to the replacement.  With luck it will be operational before month's end.


----------



## Ravellion (Feb 6, 2005)

I am getting this error now:

1142:select command denied to user: 'd20reviewer@localhost' for table 'Reviews' - /reviews/index.php

Can't access a single review.

Rav


----------



## Turjan (Feb 6, 2005)

The message I get is far simpler: "Error executing query -"


----------



## Crothian (Feb 6, 2005)

Ya, I'm getitng that error again as well.


----------



## Michael Morris (Feb 6, 2005)

It has to do with priveleges.  Every time the reviews site wants to run a query it has to log in and identify itself.  I turned this off because there is a SEVERE security risk in the current code.


----------



## Khur (Feb 7, 2005)

Thanks for taking the time to let us know about these things, Michael Morris. I, among many (I'm sure), appreciate your work.


----------



## reveal (Feb 7, 2005)

Michael Morris said:
			
		

> It has to do with priveleges.  Every time the reviews site wants to run a query it has to log in and identify itself.  I turned this off because there is a SEVERE security risk in the current code.




Is there any way to look at reviews? Whenever I try to do _anything_ I get the "1142:select command denied to user: 'd20reviewer@localhost' for table 'Publishers' - /reviews/publishers.php" error.


----------



## Crothian (Feb 7, 2005)

nope, but if there is a certain book you want to talk about start a thread in GF


----------



## Mark (Feb 7, 2005)

I tried to follow a Stargate RPG review link from the news on the front page and got this  -

*Query failed - SELECT * FROM Products WHERE Abbr = 'SSRGCR'*

I then tried to follow the "Product Guide/Reviews " link and got this -

*D20 System Guide & Reviews

This area of EN World contains a comprehensive list of d20 System and Open Gaming Publishers and their products and future product schedules, along with a large database of reviews. The reviews on this site are fan-created, and do not reflect the opinion of the site or the site's owner.

1142:select command denied to user: 'd20reviewer@localhost' for table 'Reviews' - /reviews/index.php*

I then tried to use the "Recent Reviews" link and got - 

*select command denied to user: 'd20reviewer@localhost' for table 'Reviews'*

Thought you would want to know.


----------

