Due to updates, over time, that have been made to the site and the age of this article, this post may not display correctly. In particular images may be missing or product reviews display incorrectly.

If this is the case and you'd particularly like me to fix it, then please reach out to me on Twitter.

I’ve never run a competition before and, thanks to Creative, my first opportunity has just concluded.

And what did I learn?

Well, a lot. First of all, the questions I should be asking the prize providers. Instead I kept badgering them as I kept asking some pretty basic questions…

  • When do you want the competition to start?
  • How long do you want the competition to run for
  • Are the prizes all for one person, all a “first” prize, or staged (first prize, second prize, etc)
  • How long until delivery
  • What will you provide if a product is no longer available?

Whilst running the competition I kept an eye on the entries to ensure that I wasn’t receiving multiple entries per person or household. And, after only 24 hours, I appeared to have found a problem – 3 people, each with an AOL email address, and the same IP address. Suspicious? It looked like it to me.

However, the fact that AOL is their ISP is the key here – they use a proxy-based system, meaning that many users may share the same IP address. Wikipedia has discussed such an issue before on their own site.

The database I created to hold winner details held a name, address, email, competition answer and IP address. Based on the AOL problems I now realise that I should also store a time stamp and user agent. I’ll be making these changes for next time.

I did a lot of work on the competition coding to ensure SQL injection problems. None-the-less I realised a few days ago that although the competition entry form disappears after the closing date, the code to submit the form details into the database still exists. This means that a third party script could inject entries (although not anything that would affect security) after this time. Again, this will now be fixed for future.

Lastly, I had so many entries that just trying to keep track of “rule breakers” became a lot, lot harder – more work on flagging such things at the point of competition entry will be useful, and I feel an automated email coming on!

Meanwhile, I have contacted the 3 winners and am just awaiting a confirmation of their postal addresses before details are announced.