http://www.kidsmealdeals.com/beta

I posted a while back about a website I was working on called Kidsmealdeals.com. Well since then there has been lots going on. We were featured on local TV news stations, countless number of articles that include Yahoo finance, AOL, USA Today..

So lots of coverage, but that means lots of users.

We quickly found out our shared hosting plan was holding us back so we upgrade to a local dedicated server company. Now the CMS (content management system) has also been bogging us down, putting lots of strain on the server and database.

So I started from scratch, building the site. I've got it to a point now that I think is usable from a users perspective. So I want to show you guys so you can give it some love (try to break it)..

Oh, and our database is limited to the USA. So US zip codes only. The database is the strongest in Ohio.

Dude, that's YOU? I actually remember hearing about that on the news. The local news.

Planet Moms: The world's MILF's at my fingertips?

Not sure why, but just FYI, when I did a search for my zip (63033) the first result was a Ponderosa Steakhouse in Hannibal MO, and it said this location was only 1.4 miles from my zip, which it isn't it's significantly further (couple hours drive, not sure on the exact mileage)

Otherwise, seems like a good site. The design is nice and simple, and it's easy to use, nothing fancy or over-the-top. A+ in my book.

thanks for pointing that out, looks like because lack of address the latitude and longitude of that restaurant is way off

where are you from, Freelancer?

i got results for every captain d's for 80 miles and that's about it.

Boise

Nice, glad to hear the word is spreading.. how many people here are parents anyway? I know not many

Contact Us Page:

A. Email check isn't thorough. I just used "a@b.c" and it worked.
B. The checkbox for sending a copy of the mail + no limits = free spamming

Search:

C. You can put anything you want in the boxes, even completely invalid stuff. Looks like you at least decently covered SQL injections but there's no reason to even accept a search for a zip code containing 5000 dollar signs.
D. Your search queries are directly editable in the URL. This in itself isn't too horrible but for the above reason it makes it really easy to try and break stuff (like changing the search range to 30000 miles and getting every restaurant in your DB).

Thanks CM I'll get right on that stuff

Yeah and definitely fix your slashing functions. I practically dragged your server underwater by just inserting a bunch of slashes and watching it try to escape all the slashes and echo it back.

Also your login pages echo actual SQL queries.

For me using area code 16827 it found two Eat 'n Park restaurants. They have the correct addresses listed but both have the same mileage when the one is 30-45 minutes away.

I DA HO!


I need more alcohol...

[edit]
oh, about the echoing queries, forgot to delete that out when I was debuging

thanks, appears to be another address issue

Interesting site!

Might I suggest, if you are using CSS for the website layout, to set the body height to 100.1%, so that the scrollbar at the side is always visible thus stopping the site from jutting to the side when you switch from a page with a scrollbar to one without one?

I'm not 100(.1)% certain what the general opinion is on that, but for my own websites I usually prefer the constant scrollbar than to see my webpage bounce left and right as I switch pages. Feels kinda wonky otherwise. (To me)

A. The proper solution is overflow: scroll;
B. Generally this is a poor idea. I don't even see it jump myself.

cool, good to know, where did you look it up?

You don't see it? The website juts a quarter of an inch to the side... do you close your eyes every time you click a link?

I didn't, I've known it for a while. (Although I did have a brainfart and accidentally gave it the wrong value, this is what I get for being woken up bloody early)

But a great place to look CSS/HTML stuff up is www.w3schools.com



Considering Massassi has done this since the beginning of time, as do many other sites, no, it doesn't bother me. I also don't rapidly switch between two pages to the point where it's noticeable.

Frankly, forcing scrollbars where they aren't needed is MORE annoying than having the page shift. Having a scroll bar implies that there is something to scroll.

Fair enough. I tend to find the scrollbar on the far right of my screen much less bothersome than the website bouncing around on my screen when I switch pages, but to each his own, and I certainly understand how you see it.

well, very cool site. i only get every fazoli's and rain forest cafe in a 30 mile radius...

how many rain forest cafes can there be in a 30 mile radius o.O

Thanks Jep, usually the jumping pages annoy me too but I never even noticed it the entire time I was working on it.

Sorry Darth, but hopefully soon next time you do a search it will be full of restaurants. Luckly, selling the site is not what I do.

I might use that CSS trick on my site. Thanks.

Or just forget that sanitized input nonsense and go straight to parameterized queries and not worry about it.

Needs maps, good URLs, decent server and client side form validation.

Nice idea though.

you should tie it into firefox 3.1 geolocation >_>

Hm, not sure if I know what the firefox 3.1 geolocation is

oh detty, what do you mean by "good URLs"?

Probably ones without variables:

CM:
"D. Your search queries are directly editable in the URL. This in itself isn't too horrible but for the above reason it makes it really easy to try and break stuff (like changing the search range to 30000 miles and getting every restaurant in your DB)."

I really like the concept, though, and the design is clean and uncluttered.

A "/" in a URL should denote hierarchy, commas and semicolons should denote orderered and unordered scoping information at a given level in the hierarchy. Query variables (question marks and ampersands) should be used for additional algorithmic information that would be considered optional.

Lord_Grismath, the fact that you can edit search queries in the URL is a good thing, it means a search result page is bookmarkable and that the correct kind of request (GET) is being used. Additionally, something that understands URLs (like a web service consumer) should be able to easily manipulate the URLs to get the information it wants. If there is a specific URL combination would crash the system for some reason it should be handled by the server-side code and either aggressively cache the response to that kind of request or return a 500-range error response code.

Of course, all this isn't worth worrying about too much at this point. Having maps and proper form validation would be a better use of time. You might want to consider using a proper web framework though, most of problems and challenges would disappear rapidly if you did.

probably shouldn't be able to do this

or this

Yeah I already mentioned those :p

Well I've got an extremely busy weekend but I took some time and corrected some issues.

Well. Now that we've trashed his site... Massassi Brute Squad Away!

Cool idea. Best of luck.

no really it is appreciated. I learned some things from the feedback. I didn't totally neglected validating input, I knew my database was covered so I was "getting to" the whole validating part. And I'm not big on javascript validating because I find it totally useless

Even better yet, you would separate your presentation, business, and data layers. With LINQ to Entities/SQL your data layer is a breeze (mostly). However, I don't know how you would do your data layer in PHP et al. You'd probably have a bunch of sprocs.

You'd use one of the numerous MVC frameworks that exist for just about every language including PHP. CodeIgniter and CakePHP come to mind, they both have ORMs.