Overall
Queries are thrown right into the mysql_query() function. How are you going to check a query string this way if something goes wrong?
You are using mysql* functions instead of mysqli* functions.
index.php
Very first line of code has an error suppression operator. Why would you do that?
There is markup mixed with the PHP code.
There are no isset checks for superglobal array members (if $_GET['show'] == 'all'). If there is no $_GET['show'] you get an error.
You have queries, result fetching and result displaying all right in the output.
includes.php
Code:
function mse($source) {
    // Do we return the Real Escape String or the source?
    //return mysql_real_escape_string($source);
    return $source;
}
Seriously?
Code:
function getBoardName($bid) {
    global $_PREFIX;
    $result = mysql_query("SELECT * FROM `{$_PREFIX}boards` WHERE `id`=" . $bid);
    $brd = mysql_fetch_array($result);
    return $brd['title'];
}
If you only want the 'title' column select it. Why would you select the entire column set only for one column?
Also, why the excessive use of globalizing?
Censor list is a hardcoded array. Why not database those then allow the board admin to admin them?
Why the use of functions for a specific bbCoding of language when you can use GeSHi or something else?
There is entirely too much markup in the code. That makes maintenance very difficult and renders reusability virtually impossible if you wanted to allow skinning. What if I want to make my own theme and didn't want to use tables all over the place?
That is about all I can do right now. For a first run it is decent. For a 1.8 release, not so much in my opinion. I am glad it works for you though.
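Added example, not part of the original post or of the reviewed project: the getBoardName() quoted above rewritten along the lines the review asks for, using mysqli with a prepared statement, selecting only the title column, taking the connection and prefix as arguments instead of globals, and checking the superglobal with isset. The connection values, the 'forum_' prefix and the 'board' query parameter are assumptions made for the illustration.

```php
<?php
// Added example, not the project's code. Assumes a table `<prefix>boards`
// with `id` and `title` columns, as in the getBoardName() quoted above.

// Make mysqli throw on failure instead of failing silently; no @ needed.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/**
 * Return the board title, or null when the id is invalid or unknown.
 */
function getBoardName(mysqli $db, string $prefix, $bid): ?string
{
    // Table names cannot be bound as parameters, so restrict the prefix.
    if (!preg_match('/^[A-Za-z0-9_]*$/', $prefix)) {
        throw new InvalidArgumentException('Invalid table prefix');
    }

    // Reject anything that is not a positive integer before it reaches SQL.
    $id = filter_var($bid, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }

    // Keep the query in a variable so it can be logged when something fails.
    $sql = "SELECT `title` FROM `{$prefix}boards` WHERE `id` = ?";

    $stmt = $db->prepare($sql);
    $stmt->bind_param('i', $id);   // value is sent separately from the SQL text
    $stmt->execute();
    $stmt->bind_result($title);
    $found = $stmt->fetch();       // true when a row exists, null when none
    $stmt->close();

    return $found ? $title : null;
}

// Usage. Connection values, prefix and parameter name are placeholders.
$db = new mysqli('localhost', 'forum_user', 'forum_pass', 'forum_db');
$db->set_charset('utf8mb4');

// isset check on the superglobal, so a missing parameter raises no notice.
$bid  = isset($_GET['board']) ? $_GET['board'] : null;
$name = getBoardName($db, 'forum_', $bid);

// Escape on output; display stays separate from the query and fetch logic.
echo htmlspecialchars($name ?? 'Unknown board', ENT_QUOTES, 'UTF-8');
```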