Web Design Forum: BenTheDesigner - Viewing Profile - Web Design Forum


BenTheDesigner's Profile

Reputation: 20 Excellent
Group:
Members
Active Posts:
147 (0.15 per day)
Joined:
22-September 09
Profile Views:
4,915
Last Active:
Nov 22 2011 11:01 PM
Currently:
Offline

My Information

Member Title:
Dedicated Member
Age:
24 years old
Birthday:
July 21, 1987
Gender:
Male
Location:
Plymouth, Devon
Interests:
Web Design, JQuery, (X)HTML, CSS, Web Standards, PHP, Adobe CS4, Typography, UI Design

Contact Information

E-mail:
Private
Website URL:
http://www.bentadiar.co.uk
Skype:
ben.tadiar

Users Experience

Experience:
Advanced
Area of Expertise:
Web Designer

Posts I've Made

  1. In Topic: Line break using php

    22 November 2011 - 11:01 PM

    Jock, on 19 November 2011 - 04:11 PM, said:

    It makes view source nicer...

    // $members is an array of strings to list, one per <li>
    echo "<ul>\n";
    foreach ($members as $member) {
        // tab-indented, newline-terminated item so the HTML source stays readable
        printf("\t<li>%s</li>\n", $member);
    }
    echo "</ul>";

    Though I wouldn't add line feeds deliberately if the only advantage is pretty source code. It also forces PHP to interpret more escape sequences and parse variables.

    As an example, a good use of newlines would be if you required your application to write log files, maybe for Exceptions thrown by the application. New lines would separate these log entries and make them easily readable.
  2. In Topic: Downloading a CSV File Using PHP...

    22 November 2011 - 10:50 PM

    Hi Gareth,

    By 'log in' do you mean via FTP/SFTP or using HTTP Basic Authentication, OAuth, etc.? They are all very different and will require appropriate advice.
  3. In Topic: Can't retrieve details via. GET

    22 November 2011 - 10:36 PM

    Hi Matt,

    I hate to rain on your parade, but there are a few comments I'd like to make about your code that could help you prevent problems in the future.

    The first is the fact that you're using the out-of-date mysql_* functions that were superseded by the mysqli extension which has been available since PHP 5.0.0 (2004). MySQLi, or MySQL Improved, provides enhanced security in the form of prepared statements, and an object-oriented interface which results in cleaner, more maintainable code - just two of the reasons to convert. Personally I'd recommend PDO for its portability and overall wider range of features.

    The second is that you're not sanitising or validating user input. GET/POST can contain anything the user wishes - it is your responsibility to escape this data and you should NEVER rely on hoping the user does not enter a value that could potentially be used in an SQL injection. Always, always, always sanitise - it is bad system design not to. In this specific case you should be calling mysql_real_escape_string and casting the variable to the type it will be used as (I'm guessing int).

    Hope this helps you,
    Ben

    /rant
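    Added example (not Matt's code or Ben's) of the two points made in this post: the first function splices a raw GET value into the query string, which is the injection risk described, regardless of whether mysql_* or PDO runs it; the second validates the parameter as an integer and passes it through a PDO prepared statement. The table `members`, column `id` and the DSN/credentials are assumed for illustration.

```php
<?php
// Added example: the vulnerable pattern the post warns about, then the
// hardened form. Table/column names and connection details are assumed.

// --- Before: raw $_GET value concatenated into the SQL text. ---
// Whatever the user puts in ?id= becomes part of the statement, so the
// query's meaning is under the user's control. This is the bug, not a fix.
function fetchMemberUnsafe(PDO $pdo, array $get)
{
    $sql = "SELECT id, name FROM members WHERE id = " . $get['id'];
    return $pdo->query($sql)->fetch(PDO::FETCH_ASSOC);
}

// --- After: validate the type, then let the driver bind the value. ---
function fetchMemberSafe(PDO $pdo, array $get)
{
    // Reject anything that is not a positive integer before it reaches the DB.
    $id = filter_var($get['id'] ?? null, FILTER_VALIDATE_INT);
    if ($id === false || $id < 1) {
        throw new InvalidArgumentException('id must be a positive integer');
    }

    // Named placeholder plus a typed binding: the value is sent separately
    // from the SQL text and can never change the statement's structure.
    $stmt = $pdo->prepare('SELECT id, name FROM members WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();

    return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
}

// Assumed connection. Exceptions surface driver errors instead of the
// silent "returns false" behaviour of the old mysql_* functions.
$pdo = new PDO('mysql:host=localhost;dbname=app;charset=utf8mb4', 'user', 'pass', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepared statements
]);

try {
    $member = fetchMemberSafe($pdo, $_GET);
    // Escape DB data before echoing it into HTML.
    echo $member ? htmlspecialchars($member['name'], ENT_QUOTES, 'UTF-8')
                 : 'No such member';
} catch (InvalidArgumentException $e) {
    http_response_code(400);
    echo 'Bad request';
}
```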
