Last Good Quote: Sons are the seasoning on our lives. - Someone on Facebook

Friday, February 29

Question from Bill Gates

I used LinkedIn (a social networking application)

On it Bill Gates had asked a general question; What can we do to encourage young people to pursue careers in science and technology?

My response is below:

It boils down to Respect and Reputation. One of the reasons that young people admire and pursue careers is that they see the position as one of respect and authority in the community.

For example, the big time lawyer, the life saving doctor, the helping policeman; these are all positions which come with a large degree of respect and reputation.

Currently I believe that youths tend to view technology jobs as high paying white collar jobs. Reputable well paying positions but not very "exciting".

I think we, the technology group, have done ourselves a disservice by marketing technology as easy to learn and anyone can learn it. This takes away from the respect that one can get for having this job. We may be making it look too easy. I say look because I am well aware of just how hard it is to do things correctly and succeed in our industry, but I wonder how many young adults are aware of this.

Now this is counter to what a lot of folks and groups are doing to encourage technology in our youths. And I certainly would not stop any of these efforts. This might be considered a different tack.

An action that could be taken is to either create another title or pick one that is out there, I believe we have enough, and work at creating an image of that title. An image which will stand beside and out "shine" the Lawyer, Doctor, Business Exec career choices that young adults face.

I mean no disrespect to all the great technology leaders out there. I am awed and very respectful of your reputations.

These thoughts come after volunteering teaching young minority kids in the 9 – 12th graders .NET web development for the past 4 years. This is through a community driven organization. I have found the children's thoughts and actions very insightful and for anyone that has not taken the time to give back to the community in this well.

I am no author but these are some things that I thought I should share.

Friday, February 22

Simplest of Template Systems

I've looked at a number of templating engines over the years. Some are very nice, however they all seem a bit large for what I usually am trying to build. I've used the following technique, which is dead simple.

I put two include statements in each file, one at the top and one at the bottom. Like so:

Main contents and code

That's it. I create my layout and then I look for the large part of the layout where the main content would go, this gives me my "dividing" line. All code above this goes in the templateTop, all code below it goes into templateBottom.

For Example

I have a page, with a menu across the top, some content and a footer. This is how my html might look.

Hello and welcome to the grand site of ....

This goes into the top

This goes into the bottom:


Drawbacks

There is one drawback to this method: if you use images or have referential links within your template files, they could have the wrong url because your base will always be the file that did the include.

For example, if you have the following line in your template file.

The root of the file included the template will be included with this:

When the file index.php has the include:
But when the file /actions/buyItem.php has the include:

To fix this you must always use fully qualified paths or refer to the root by having a "/" in the front of all referential urls.

Wednesday, February 20

Link: Why we banned Lego

A very informative view on how a Lego Town built by kids, leads to a deeper understanding of communities and power structures.

Tuesday, February 19

Defeating SQL Injection

Your code is the walls which protect your intellectual ideas. The best attack your enemy has is SQL injection. Are your walls providing a suitable defense? (*groan* That was a horrible opening but it was the best I could do)

A few comments on this blog were made on SQL Injection, so I thought I'd post some thoughts. There are many articles about how to prevent SQL injection; I am going to cover just a few techniques.

The Problem
If you don't know what SQL Injection is, Google it, but quite simply it is a way for external forces to execute SQL statements on your database. Statements like:
delete from user (scary)
update user set money= 100000000 (hacker)
Most of these types of hacks happen when a user types specific things into a text box or address bar. This being the case you want to "clean" all incoming input. Rule of Thumb: Very rarely trust and always verify. (Trust but verify?)

The reason this hack works is that a variable used in a SQL statement can contain malicious code. For example, the following piece of code is susceptible to SQL Injection:
$sql = "Select * from user where username = '$username' and password = '$password'";

If the user uses the following as their username ';delete from user; it will delete all users from your tables.

The Solution

Clean all your variables. I run all variables, regardless of how I use them, through a clean function. The clean function is responsible for removing quotes and cleaning up odd characters.

The function takes a variable, cleans it and returns it. If you use this code, please add your own steps to ensure protection of your data; this is a simplistic clean function. Below is some of the function:

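function clean($value)
{
    // Undo magic-quotes escaping first so the value is not escaped twice.
    if (get_magic_quotes_gpc()) {
        $value = stripslashes($value);
    }
    $value = trim($value);
    $value = strip_tags($value);
    // Escape for a quoted MySQL string literal (requires an open connection).
    $value = mysql_real_escape_string($value);
    return $value;
}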
I use this function like so:

$sql = "Select * from user where username = '" . clean($username) . "' and password = '" . clean($password) . "'";

Another Solution
The other step I take is that I have wrapped the mysql_query function in my own function so that it replaces my table names. I wanted to make it difficult for people to guess my table names, so I have the following function:
function executeQuery($sql)
{
    $sql = str_replace("s_", "game_", $sql);
    // $PHP_SELF is not in scope inside a function; read it from $_SERVER.
    $q = mysql_query($sql) or die("SQL Error on " . $_SERVER['PHP_SELF'] . ": " . $sql);
    return $q;
}
This replaces any s_ with game_. I might name my table "game_user", however my sql would be select * from s_user.
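The two defences above, reworked as an added example (not the blog's own code): values are bound as parameters through PDO instead of being escaped into the string, the password is checked against a stored hash, and the table alias is rewritten on the SQL text only, so the username string quoted in the post is looked up as plain data. It assumes PHP 7.4+ with the pdo_sqlite extension; the in-memory table, the password_hash column and the sample inputs are constructed for the demonstration.

```php
<?php
// Added example, not the blog's code. Assumes PHP 7.4+ with the pdo_sqlite
// extension; the table, columns and inputs below are constructed for the demo.

// Rewrites the table alias on the SQL text only. Values travel separately as
// bound parameters, so they are never parsed as SQL or touched by the rewrite.
function executeQuery(PDO $db, string $sql, array $params = []): PDOStatement
{
    // Match "s_" only where an identifier starts, so a column such as
    // "units_lost" is left alone (a plain str_replace would rewrite it).
    $sql = preg_replace('/\bs_(?=\w)/', 'game_', $sql);
    $stmt = $db->prepare($sql);
    $stmt->execute($params);
    return $stmt;
}

function login(PDO $db, string $username, string $password): bool
{
    $row = executeQuery(
        $db,
        'SELECT password_hash FROM s_user WHERE username = :u',
        [':u' => $username]
    )->fetch(PDO::FETCH_ASSOC);
    // Compare against a stored hash instead of putting the password in the query.
    return $row !== false && password_verify($password, $row['password_hash']);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE game_user (username TEXT PRIMARY KEY, password_hash TEXT)');
executeQuery($db, 'INSERT INTO s_user VALUES (:u, :h)',
    [':u' => 'boss_man', ':h' => password_hash('correct horse', PASSWORD_DEFAULT)]);

// Constructed inputs: a normal login, a wrong password, and the username
// string quoted in the post.
$attempts = [
    ['boss_man', 'correct horse'],
    ['boss_man', 'wrong'],
    ["';delete from user;", 'anything'],
];
foreach ($attempts as [$u, $p]) {
    printf("%-22s %s\n", $u, login($db, $u, $p) ? 'accepted' : 'rejected');
}
$count = $db->query('SELECT COUNT(*) FROM game_user')->fetchColumn();
echo "rows still in game_user: $count\n";
```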

Hopefully this helps those who have questions about SQL Injection.

Friday, February 15

Battle Forces Online: Bounce Rates and Visits

Interesting .... Between Jan 15, 2008 and Feb 15, 2008.

Low Bounce Rates:
  • - 7 hits, 15% bounce rate
  • - 19 hits, 27% bounce rate
  • - 7 hits, 29% bounce rate
  • - 37 hits, 30% bounce rate
  • - 97 hit, 62% bounce rate
Most Visits From

SQL Select Statements Kept Simple

This is a quick article on writing simple and complex select SQL statements. This primer can be used for mySQL and many other database systems. Please keep in mind this is a primer, please research and read other materials to enhance your knowledge.

For those of you who are wondering, mySQL is used in browser based game design quite often. However, from some of the questions I see posted in forums, some developers don't quite understand the intricacies of SQL.

Select Statement

The select statement is used to get information from the database. It consists of 3 parts: the fields, the tables and the where clause.
from user
where user.username = 'mobeamer'
  • Fields - Can contain a list of fields that you want to select.
  • Table - will contain one, possibly more tables that hold the fields
  • Where - This will allow you to restrict the information you receive.
Notice that I surrounded mobeamer with quotes, this is needed for strings and is good practice for other data types. A good rule of thumb is when in doubt add quotes.

Notice that I fully qualified the fields by putting the table name in front of the field name. This is not needed when writing a simple select but it is considered good form AND it will come in handy when you decide to "upgrade" your SQL statement (see joins).

Inner Join

An inner join will allow you to pull information from multiple tables with one query. The syntax for an inner join is as follows:
Let's say you have a user table which contains all the player's information. You also have a units table that contains all the units that a player can have. You need a select statement which will get the player's name and the unit's name. In this instance my unit table has a column called ownerID which holds the userID of the owner.
select user.username, unit.unitname
from user
inner join unit on unit.ownerID = user.userID
where user.username='mobeamer'
Another example:
select user.username, unit.unitname
from user
inner join unit on unit.ownerID = user.userID
where unit.class = 'Warrior'
In most cases your joining field will be named the same in both tables, but I wanted to show how this was not necessary.

Notice that you must fully qualify fields that exist in both tables. You should be aware when using an inner join, as in the first example, if the user does NOT have any units they will NOT appear in the result set.

Be very careful with inner joins as they ALWAYS restrict the result set. (See outer joins)

Outer Join

An outer join works in the same fashion as an inner join with one exception. The join will NOT restrict the returned set. For example, in the example above, a player may not have a unit. In this case, an inner join would not pick up that player's name. An outer join on the other hand would pick up this player.
select user.username, unit.unitname
from user
left outer join unit on unit.ownerID = user.userID
where user.username='mobeamer'
This will get all users, regardless of how many units they have.

Notice, the first table in the select statement begins the result set. Every outer join from there on can only add rows or columns to the recordset.

A good rule of thumb is to always use an outer join as you will never lose data with an outer join.

How I do It

This is how I write a complicated sql statement, this may not be best practices but I think it may add some context.

I wanted to create a page, which displays a player's profile. I knew I needed a number of fields from the player's table, unit's table and item's table. (Items are things that the unit holds)

I knew I wanted to display all players that had registered, so I started there.
Select user.username, user.numKills
from user
where user.isRegistered = 'Y'
I then wanted to display the unit's name, class and life
Select user.username
, user.numKills
, unit.unitName
, unit.class
from user
left outer join unit on unit.ownerID = user.userID
where user.isRegistered = 'Y'
I then wanted to display all the items that the unit held, and the item's description
Select user.username
, user.numKills
, unit.unitName
, unit.class
, item.itemName
, item.itemDescription
from user
left outer join unit on unit.ownerID = user.userID
left outer join item on item.unitID = unit.unitID
where user.isRegistered = 'Y'

This was the sql that I ended with.

Further Articles
Good ideas to follow this up with:
  • Updates, Inserts and Deletes
  • Restricting an inner or outer join
  • Links and Resources

Wednesday, February 13


Why won't they Play my Game?

I've been researching how to convert users for my browser based game Battle Forces Online. Well the first thing I had to do was to decide what a "conversion" meant. After much labor and hard thought (30 to 40 seconds) I came to the brilliant conclusion that there are 3 different things I want from players.

I want players to hit my landing page and start playing the game. I consider a user who creates an account and adds a Blade to the battle field. I consider these my players.

In order to generate more players, I need players to vote on one or more listing sites. This seems to drive more users than any other action that I can do. This is a sort of secondary conversion as this can not be done by a user, but can be done by a player (person with an account).

The hardest sell. There is/will be an upgrade feature which will allow players to purchase items within the game. A conversion would be getting a player to buy this item.

In my next post, I will follow up with how I can make modifications to my landing page to facilitate these conversions.

So How can I optimize the Landing Page

Large Images
Large images placed in the center of the page that contrast with the background draw the eye. Currently I have a large image that spans 75% of the landing page, I am going to restructure this to have the "Play Now" button in the middle of the page.

Contact Information
Potential players are much more comfortable when they know they can contact the developer or support team for the game. Since this is the case, I will add a send message form where users can send me a message and I get it via email.


Potential players love screenshots as do reviewers. I have screenshots on the page so I will keep them, however I must remember to not let them overshadow the "Play Now" button.

Registration should be as simple and as accessible as possible. I think I will add both a login and a register form to the entrance page.


Users will read the first headline on your page 90% of the time...what is mine?

In order to test these changes, I plan on creating a folder called "Landing", I will then figure out which of the landing pages convert the best.

Keep it as simple as possible, classy but simple.

Interesting Items to Follow Up With:
  • How to convert players to payers

Tuesday, February 12

Development Environment

A lot of people ask how they can start/learn to develop browser based games; hopefully this article will help get them started. This article may be helpful to developers who are struggling to make changes / develop games without disturbing the production version.

The development environment comes into play for both these circumstances. There are a number of ways to setup your development environment. The solution is both short and sweet.

Please keep in mind this is only good for development teams of 1 or 2 individuals, you will need to do much more if your team consists of 3+ developers/coders.

I tend to use Uniform Server as my environment. It’s a simple download: you unzip it and click a “start” executable. Yes, this is a Windows solution; however, there are a number of alternative solutions, just search for LAMP on Google.

It runs Apache, mySQL and PHP with a number of utilities. The great part is it’s less than 2GB so it fits on a flash drive, which means you can work on any Windows machine, anywhere.

I use that to develop on my local machine. Once I am ready, I ftp my changed files to the site. (After making the database changes)

Every so often I will download the entire site from production and overwrite my development file. This helps keep my local version from getting too far from the production version.

Battle Forces Online - Major Re-vision

Battle Forces Online has gone through a large change.

I decided to keep the "game" a bit simpler and see what happened. I'd like to outline what I am thinking at this point.

I wanted to address the fact that a lot of users would enter the game and not know what to do. In the old system, you had to deploy and setup an army, this allows you to join a battle in progress.

Players now join the game and see a map, which all players share. They then can add their own units (Blades) by starting a "New Adventure". I also added a Tutorial hopefully this will help.

Players have the ability to add as many of their Blades to the board as they would like. However, once added a Blade can not be removed from the board.

The goal of the game is pretty simple, as you gain more coins you can hire more Blades which allows you to further control the board.

Some things I'd like to develop in the near future:
  • Multiple Worlds
  • Ability to buy items for Blades
  • Guilds
  • Challenges
  • Towns