I’ve never run a competition before and, thanks to Creative, my first opportunity has just concluded.
And what did I learn?
Well, a lot. First of all, the questions I should be asking the prize providers. Instead I kept badgering them as I kept asking some pretty basic questions…
- When do you want the competition to start?
- How long do you want the competition to run for
- Are the prizes all for one person, all a “first” prize, or staged (first prize, second prize, etc)
How long until delivery
What will you provide if a product is no longer available?
Whilst running the competition I kept an eye on the entries to ensure that I wasn’t receiving multiple entries per person or household. And, after only 24 hours, I appeared to have found a problem – 3 people, each with an AOL email address, and the same IP address. Suspicious? It looked like it to me.
However, the fact that AOL is their ISP is the key here – they use a proxy-based system, meaning that many users may share the same IP address. Wikipedia has discussed such an issue before on their own site.
The database I created to hold winner details held a name, address, email, competition answer and IP address. Based on the AOL problems I now realise that I should also store a time stamp and user agent. I’ll be making these changes for next time.
I did a lot of work on the competition coding to ensure SQL injection problems. None-the-less I realised a few days ago that although the competition entry form disappears after the closing date, the code to submit the form details into the database still exists. This means that a third party script could inject entries (although not anything that would affect security) after this time. Again, this will now be fixed for future.
Lastly, I had so many entries that just trying to keep track of “rule breakers” became a lot, lot harder – more work on flagging such things at the point of competition entry will be useful, and I feel an automated email coming on!
Meanwhile, I have contacted the 3 winners and am just awaiting a confirmation of their postal addresses before details are announced.