[sf-lug] PHP script advice
asheesh at asheesh.org
Mon Jun 9 12:02:24 PDT 2008
On Mon, 9 Jun 2008, Owen Pietrokowsky wrote:
> I'm learning PHP from a tutorial, and I'm unable to get the
> following code to work (The code inserts a record into a MySQL database of jokes.):
This tutorial teaches terrible, terrible practices - hand-crafting SQL
strings without escaping, and adding user input into them.
This practice is one of the most "famous" in the PHP community, and the
biggest reason for break-ins due to PHP code.
(I think the real reason is the spurious "SET" in the SQL code it
generates, but I haven't honestly given it all that much attention.)
http://www.phpbuilder.com/columns/ben_robinson20070314.php3 is one
mostly-trivial tutorial to get you started, and
http://devzone.zend.com/node/view/id/686 is one reasonable-looking
tutorial for actually doing something.
Those are my thoughts; for now, it's lunchtime.
A part of an operating system that preserves the medieval
traditions of sorcery and black art.
More information about the sf-lug