[sf-lug] PHP script advice

Asheesh Laroia asheesh at asheesh.org
Mon Jun 9 12:02:24 PDT 2008


On Mon, 9 Jun 2008, Owen Pietrokowsky wrote:

> Greetings,
>
>
> I'm learning PHP from a tutorial, and I'm unable to get the
> following code to work (The code inserts a record into a MySQL database of jokes.):

This tutorial teaches terrible, terrible practices - hand-crafting SQL 
strings without escaping, and adding user input into them.

This practice is one of the most "famous" in the PHP community, and the 
biggest reason for break-ins due to PHP code.

(I think the real reason is the spurious "SET" in the SQL code it 
generates, but I haven't honestly given it all that much attention.)

http://www.phpbuilder.com/columns/ben_robinson20070314.php3 is one 
mostly-trivial tutorial to get you started, and

http://devzone.zend.com/node/view/id/686 is one reasonable-looking 
tutorial for actually doing something.

Those are my thoughts; for now, it's lunchtime.

-- Asheesh.

-- 
kernel, n.:
 	A part of an operating system that preserves the medieval
 	traditions of sorcery and black art.
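
The practice the reply criticizes, next to a parameterized query, as an added example that is not part of the original message or of the tutorial being discussed. The table name, column names and sample joke are hypothetical, and it assumes PHP 7 or later with the pdo_sqlite extension so that it runs offline against an in-memory SQLite database instead of MySQL.

```php
<?php
// Added example, not the tutorial's code. Table and column names are hypothetical.
// An in-memory SQLite database stands in for MySQL; the prepare/execute calls
// are the same with a MySQL DSN.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE joke (id INTEGER PRIMARY KEY, joketext TEXT, jokedate TEXT)');

// Constructed sample input standing in for a submitted form field.
$joketext = "Why didn't the chicken cross the road?";

// Hand-crafted SQL: the input becomes part of the statement text, so the
// apostrophe in "didn't" closes the string literal early and the rest of the
// joke is parsed as SQL.
function insertByConcatenation(PDO $db, string $text): bool
{
    $sql = "INSERT INTO joke (joketext, jokedate) VALUES ('$text', '2008-06-09')";
    try {
        $db->exec($sql);
        return true;
    } catch (PDOException $e) {
        echo "concatenated query failed: ", $e->getMessage(), "\n";
        return false;
    }
}

// Prepared statement: the SQL text is fixed and the input is bound as a value,
// so nothing in the joke can change the structure of the statement.
function insertWithPlaceholders(PDO $db, string $text): bool
{
    $stmt = $db->prepare('INSERT INTO joke (joketext, jokedate) VALUES (:text, :date)');
    return $stmt->execute([':text' => $text, ':date' => '2008-06-09']);
}

insertByConcatenation($db, $joketext);   // fails with a syntax error
insertWithPlaceholders($db, $joketext);  // stores the text unchanged

// Only the row written through the prepared statement is present.
foreach ($db->query('SELECT id, joketext FROM joke') as $row) {
    echo $row['id'], ': ', $row['joketext'], "\n";
}
```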



