Guestbook script
Problem
I'm brand new at OOP PHP and I would like to get as many of the coding conventions right as fast as possible. I made this tiny guestbook script, and I would like to know if there's anything not done as it should.
Index.php:
Guestbook.php, the class:
'.$row['navn'].'
'.$row['besked'].'
';
}
}
public function addPost($navn, $besked) {
mysql_query("INSERT INTO gaestebog VALUES('', '$navn', '$besked')");
}
}
?>
guestbook.php, the view:
addPost($navn, $besked);
}
?>
getPosts();
?>
Navn:
Besked:
Solution
Yes, the first, and most obvious thing to note is your vulnerability to SQL injection.
Please, don't use mysql_* functions in new code. They are no longer maintained and the deprecation process has begun on it. See the red box? Learn about prepared statements instead, and use PDO or MySQLi - this article will help you decide which. If you choose PDO, here is a good tutorial.
Also, it's considered good practice to separate logic from presentation (i.e. PHP from HTML).
Context
StackExchange Code Review Q#18386, answer score: 7
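The two recommendations in the answer (prepared statements via PDO, and logic kept apart from presentation) applied to the guestbook class, as an added example that is not code from the question or the answer. Assumptions: PHP 8, an in-memory SQLite database standing in for MySQL so the script runs offline, and a hypothetical `id` column name; only `gaestebog`, `navn` and `besked` come from the page.

```php
<?php
declare(strict_types=1);

// Added example. Assumptions: PHP 8, in-memory SQLite instead of MySQL,
// and a hypothetical "id" column (the page shows only navn and besked).
final class Guestbook
{
    public function __construct(private PDO $db) {}

    // Values are bound to placeholders instead of being concatenated into
    // the SQL string, so quotes in $navn or $besked are stored as data.
    public function addPost(string $navn, string $besked): void
    {
        $stmt = $this->db->prepare(
            'INSERT INTO gaestebog (navn, besked) VALUES (:navn, :besked)'
        );
        $stmt->execute([':navn' => $navn, ':besked' => $besked]);
    }

    // Returns rows instead of echoing HTML, leaving presentation to the view.
    public function getPosts(): array
    {
        return $this->db
            ->query('SELECT navn, besked FROM gaestebog ORDER BY id')
            ->fetchAll(PDO::FETCH_ASSOC);
    }
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE gaestebog (
    id INTEGER PRIMARY KEY AUTOINCREMENT, navn TEXT, besked TEXT)');

$guestbook = new Guestbook($db);
$guestbook->addPost('Anna', 'Hej!');
// Constructed input: in the original string-built INSERT these quotes would
// end the literal early and alter the statement.
$tricky = "x', 'y'); --";
$guestbook->addPost($tricky, "it's only text");

$posts = $guestbook->getPosts();
// Both rows exist and the second one was stored byte for byte.
if (count($posts) !== 2 || $posts[1]['navn'] !== $tricky) {
    throw new RuntimeException('input was not stored verbatim');
}
print_r($posts);
```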