
Guestbook script


Problem

I'm brand new at OOP PHP and I would like to get as many of the coding conventions right as fast as possible. I made this tiny guestbook script, and I would like to know if there's anything not done as it should.

Index.php:


    


Guestbook.php, the class:


                '.$row['navn'].'
            
            
                '.$row['besked'].'
            
            ';
        }
    }

    public function addPost($navn, $besked) {
        mysql_query("INSERT INTO gaestebog VALUES('', '$navn', '$besked')");
    }
}
?>


guestbook.php, the view:

addPost($navn, $besked);
}
?>

    getPosts();
    ?>

    
        
            Navn:
            
        
        
            Besked:
            
        
        
            
        
    

Solution

Yes, the first, and most obvious thing to note is your vulnerability to SQL injection.


Please, don't use mysql_* functions in new code. They are no longer maintained and the deprecation process has begun on it. See the red box? Learn about prepared statements instead, and use PDO or MySQLi - this article will help you decide which. If you choose PDO, here is a good tutorial.

Also, it's considered good practice to separate logic from presentation (i.e. PHP from HTML).
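
The prepared-statement approach recommended in the answer, sketched as an added example that is not part of the original question or answer. It assumes PDO with an in-memory SQLite database standing in for MySQL so it runs offline; the column names `navn` and `besked` are inferred from the `$row` keys in the question, and the `id` column is hypothetical.

```php
<?php
// Added example, not the original poster's code.
// Assumptions: in-memory SQLite stands in for MySQL; columns navn/besked are
// inferred from the $row keys in the question; the id column is hypothetical.

class Guestbook
{
    private PDO $db;

    public function __construct(PDO $db)
    {
        $this->db = $db;
        // Throw exceptions on SQL errors instead of failing silently.
        $this->db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    }

    public function addPost(string $navn, string $besked): void
    {
        // Placeholders keep user input out of the SQL text entirely.
        $stmt = $this->db->prepare(
            'INSERT INTO gaestebog (navn, besked) VALUES (:navn, :besked)'
        );
        $stmt->execute([':navn' => $navn, ':besked' => $besked]);
    }

    /** Returns the rows as arrays; rendering is left to the view. */
    public function getPosts(): array
    {
        $stmt = $this->db->query('SELECT navn, besked FROM gaestebog ORDER BY id DESC');
        return $stmt->fetchAll(PDO::FETCH_ASSOC);
    }
}

$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE gaestebog (id INTEGER PRIMARY KEY AUTOINCREMENT, navn TEXT, besked TEXT)');

$guestbook = new Guestbook($db);
// Constructed input: the quote characters would break the concatenated query
// in the question, but here they are stored as plain data.
$guestbook->addPost("O'Brien", "It's stored as data'); --");

foreach ($guestbook->getPosts() as $post) {
    // Plain-text output for this command-line demo.
    printf("%s: %s\n", $post['navn'], $post['besked']);
}
```

With MySQL, pass a `mysql:` DSN and credentials to the `PDO` constructor; the class itself stays the same.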

Context

StackExchange Code Review Q#18386, answer score: 7
