44 Comments
- ascheinberg, on 10/12/2007, -1/+12 This tutorial is from 2001. It's massively outdated, the resulting blog is completely insecure, and this won't even work with the latest version of PHP, and if I recall, the last several releases before that when register_globals started defaulting to off.
Reported as "old news."
- Bogtha, on 10/12/2007, -3/+11 Not only does this have a massive security hole, but it won't even work with PHP 4.2 and newer (basically any version less than four years old) in the default configuration due to its reliance on register_globals. This is probably to do with the fact that the article was written in 2001. Lame.
- bluesydude, on 10/12/2007, -1/+8 What is wrong with wordpress? At least for most folks. Cool tutorial.
- LuxFX, on 10/12/2007, -0/+5 Exactly! I develop a lot of LAMP systems from scratch. I like developing LAMP systems from scratch. But Wordpress, when appropriate, is a terrific system. Being chained to Wordpress -- it's like being chained to Keira Knightley. You snap your fingers and say, 'Darn' with as much sincerity as you can muster, but then you can just enjoy being chained to Keira Knightley.
- jokerr, on 10/12/2007, -1/+5 Where do I start? This article is obviously from 2001 and might have been considered helpful back then. However, five years later everyone and their dog has a blog. Why would you re-invent the wheel? Just by doing a simple search you can find countless blog tools out there to "create your very own blog!" The tools have been out there for a while now and they work. Unless you're looking to create a fork of WordPress or any other PHP/MySQL blogging tool this article is a waste of time IMHO.
- flood6, on 10/12/2007, -0/+4 What happened to learning or expanding your skills? If you know how to build your own dynamic site, then this tutorial isn't written for you. The first complete sentence in TFA: "This tutorial is aimed at intermediate or advanced Web designers looking to make the leap into server-side programming."
I realize this thing is old and I'm not going to dig it because I've seen better tutorials with similar aims, but I don't understand questioning why people would want to build their own sites. It's fun, educational, building blocks for more advanced programming - 100 people could give 100 different answers.
- Toxygene, on 10/12/2007, -1/+5
> Bogtha, would you care to elaborate on this 'massive security hole'? If you're going to make such a bold statement, it's generally good practice to back it up. Are you referring to register_globals?
Hole #1: Unfiltered user input passed directly to database. Possible SQL injection attack.
INSERT INTO Jokes SET JokeText='$joketext', JokeDate=CURDATE();
Hole #2: Unescaped output from database. Possible XSS attack.
    // Display the text of each joke in a paragraph
    while ( $row = mysql_fetch_array($result) ) {
        echo("<p>" . $row["JokeText"] . "</p>");
    }
This article is absolutely horrible. Crap like this gives PHP a bad name.
- mjar81, on 10/12/2007, -2/+6 Let's go ahead and reinvent the wheel, huh?
I have a blog. I use Wordpress. My occupation? I'm a web developer.
I have the knowledge and skills to create my own, but why? What's the point? It's been done and done well.
I'm not going to spend countless hours developing my own blogging system when I can install Wordpress (or typepad, or any other blogging application) in less than 10 minutes and get it up and running. Isn't that the definitive purpose of opensource applications?
If you want to do something, join the development team or submit bugs/patches.
Wordpress is great: http://www.ear-fung.us/
- Bogtha, on 10/12/2007, -0/+3
> HTML and CSS are not languages, they are formats.
Of course they are languages. HTML is a markup language (HyperText Markup Language, remember?), and CSS is a style sheet language.
They aren't *programming languages*, but they are languages.
- inactive, on 10/12/2007, -2/+5 Well it can work with PHP 4.2 +. All that needs to be done is to set register_globals to on. I agree that it's a security issue, but you are wrong when you say it won't work with PHP 4.2 +.
- ChrisSoutham, on 10/12/2007, -1/+4 I hate this sort of thing. It encourages bad practice and a lack of understanding and knowledge.
Logic is something you either get or you don't - I can assure you that this kind of code won't withstand the Digg effect!
- mwalters, on 10/12/2007, -1/+3 "Learn it, or be chained to Wordpress FOREVER!"
The problem here is that you're implying being "chained to Wordpress" is a bad thing. I know plenty of PHP/MySQL etc to build my own blogging system, but the longer you develop, the more you learn where to draw the line on when you should develop/support something yourself, and when you should let someone else do the grunt work so you can spend your time using the application.
- dwainetrain, on 10/12/2007, -1/+3 2001 article? Plus, this framework is a long way off from a working Wordpress model.
- pinsomniac, on 10/12/2007, -1/+3 I concur. I've been using WordPress since b2 (before branching off) and have found it to be surprisingly versatile. I'm actually in the process of building something based on the platform to help a few local service clubs maintain an online presence. It's a crude CMS, sure---but sometimes that's all you really need.
- mrsticks, on 10/12/2007, -0/+2 It's a small intro into a very big picture, but I agree, it's not needed for most bloggers out there. For most people, Wordpress or some other software is fine for them. Most people don't need to know HOW the software works exactly, just how to maintain it.
And for someone really wanting to create their own blogging software, this article is outdated and far too simple.
- mistermoss, on 10/12/2007, -2/+4 Ergh. Not only is this old and broken for the latest PHP ... it's also a really great example of bad coding practices.
Simply put, there are three different languages intermixed in 97 lines of code (HTML, PHP, and SQL). Add CSS and Javascript, and you're looking at 5 languages on a single page. Ouch.
Splitting the code that talks with the database into a separate file. We don't even have to get into object oriented design or anything fancy -- just separate the code into manageable bites.
It's such a simple thing to teach people, and it would also make the examples far less intimidating to look at.
No digg.
- Bogtha, on 10/12/2007, -0/+1 I didn't even realise dante had replied, I blocked him a while ago because virtually all his comments are stupid juvenile crap, mostly of the form "YAaya I can digg it! AHahah" and nothing else. Dante, if you actually want people to read what you write, I suggest you quit posting junk.
@meatbites,
No, I'm not referring to register_globals. waterandfood and Toxygene have explained the issues nicely. Assuming magic_quotes is on and blindly dumping user-supplied data into your SQL is just plain stupid, as is blindly dumping user-supplied data back out in the security context of your website.
- lexbaby, on 10/12/2007, -0/+1 "This series covers everything from installing PHP & MySQL under Windows or Linux"
Yeah, it's called xampp. Download, install, done.
http://www.apachefriends.org/en/xampp.html
- kaniz, on 10/12/2007, -0/+1 Rolling your own blog if you want to get into programming, is a good way to get your feet wet with creating dynamic database driven web applications. It's not all that hard to get something basic up and running. However, if you're not a programmer, and just want a blog : there is no reason to make your own when there are loads of free/open source ones out there.
But, creating your own - even if just a very basic one, is a great learning exercise. Hell, I think it would be a great end of year assignment for a 1st year web development course.
- squeevey, on 10/12/2007, -3/+4 This is neat, however, I'd rather set up the blog real quick and start posting about the things I do rather than taking time to program the whole thing.
- inactive, on 10/12/2007, -1/+2 Agreed. When more developers start seeing programming as a tool, as opposed to a solution, then we will start seeing some amazing things getting built.
Architects don't sit around talking about what kind of pencils they use, or how cool it is to draw lines on paper. They see the tools as a commodity, and let their imaginations create great things.
Remember, the pyramids were built with sand.
- koweja, on 10/12/2007, -2/+3 Being able to do this is cool and all, but not really necessary if all you need is a blog. There are plenty of opensource blogging packages you can download, which work with the current versions of MySQL and PHP (or others).
- dknighton, on 10/12/2007, -1/+2 The description is, IMNSHO, ***** ignorant. I have been a WordPress user for years now, and it is an absolutely wonderful blog system. It's easily extended, has a great admin system, and runs quickly. If there were anything that I didn't like about it, it would be the lack of creativity with the theme community...they seem to recycle old ***** way too much. But hey...you can always create your own skin!
You've got a long way to go before you even think about replacing anyone, Junior! I know WordPress, I'm friends with WordPress, and you, sir, are NO WordPress!
- DrumsNWhistles, on 10/12/2007, -0/+1 I like Wordpress. I also like tinkering under the hood, so this tutorial is helpful as a high level overview and dugg for that. Seems like the remark about being a slave to wordpress is kind of useless.
- meatbites, on 10/12/2007, -1/+2 Bogtha, would you care to elaborate on this 'massive security hole'? If you're going to make such a bold statement, it's generally good practice to back it up. Are you referring to register_globals?
- GMonkey, on 10/12/2007, -0/+1 I coded my own blog from scratch in notepad about two years back, and I'm glad I did.
- lord2800, on 10/12/2007, -1/+2 You can also just use import_request_variables() (http://us2.php.net/manual/en/function.import-request-variables.php) or extract() (http://us2.php.net/manual/en/function.extract.php) if you wanted to emulate register_globals.
- lord2800, on 10/12/2007, -2/+3 HTML and CSS are not languages, they are formats.
- Bogtha, on 10/12/2007, -0/+1
> Neither are languages in any sense of the word
"A system of symbols and rules used for communication with or between computers."
http://www.answers.com/language
HTML communicates document structure and semantics, CSS communicates rendering hints. They are both languages.
- waterandfood, on 10/12/2007, -1/+2 dante2010, he mentioned "default configuration" which is true. Now to everyone, this code relying on register_globals being on does not make it any more insecure than if it were off. You can write secure code, or insecure code, with this directive on or off. The real problem here is lack of data validation from the http request. This tutorial relies on the magic_quotes_gpc directive being on which isn't a good idea. It should for example use mysql_real_escape_data() instead. But then again, both these directives won't even exist in PHP6 :) Since most comments refer to directives, consider reading what that manual has to say on the topics:
* http://php.net/manual/en/security.globals.php
* http://php.net/manual/en/security.magicquotes.php
- dismorfo, on 10/12/2007, -1/+1 Looks like everyone has something bad to say about this article. If this is so wrong and gives PHP a bad name ... Why don't you try to post another article that teaches how to Build a Blog From Scratch? That would be nice for people like me.
- Xolt, on 10/12/2007, -1/+1 What the hell... Why would a tutorial be posted from 5 years ago? 1) Zend is no longer moving on php4 2) Big security hole. Would be nice to have a tutorial on something like this, but newer and more up to date with the technologies... No digg
- jonese, on 10/12/2007, -0/+0 This article was a lead-in to a book by them. You can see the latest version of the book here http://www.sitepoint.com/launch/3d0e01/3/1 as well as download a few chapters for free. They offer some other really great books (of which I own most of!)
- neoknight, on 10/12/2007, -1/+1 Nowadays anyway you need to get stuff done, rather than figure out how it's done.
- sledgehbk, on 10/12/2007, -0/+0 I'm happy with wordpress, and if I'm going to do something from scratch, it's going to be something worthwhile, not something people smarter than me are working on every day.
- lord2800, on 10/12/2007, -1/+1 You want to get technical with me? Fine. CSS is a stylesheet format that specifies what style to display an element in. HTML is a markup syntax that tells a user-agent what layout to display the page in. Neither are languages in any sense of the word, because you cannot read them as you would a standard natural language. They are formats, just like all programming languages.
- th3sius, on 10/12/2007, -0/+0 I would recommend getting into the habit of using $_GET['some_var'] for URL requests and $_POST['some_var'] for Form requests. Not every host has Global Vars turned on.
- alienvenom, on 10/12/2007, -2/+1 Uh, yeah this article has yet to be improved for sure. I'd also like to know why you think, after reading the article, I won't be chained to WordPress. I happen to like WordPress and I use it for my weblog. Interestingly enough, I could probably write my own weblog software, given enough time.
What bothers me most is that you suggested that, simply after reading this article, I could move away from WordPress. That is not true. WordPress uses classes, and many other fundamentals to PHP that this article simply does not cover. There is no way someone who knows nothing about PHP/MySQL (at least on the level of the code in the article) could write a respected weblog after reading this article. No digg for me either.
- tresudek, on 10/12/2007, -1/+0 Well, wordpress is great. But like a lot of other solutions, it is harder than it could be to make significant changes to the layout. If you want something that is barebones like this tutorial, try http://www.supersimple.org
- plord, on 10/12/2007, -4/+1 I agree with you. And it's starting bad practice ie disabling warnings / errors with the @ instead of using exceptions which didn't exist in php4 in 2001.
- dime, on 10/12/2007, -6/+2 Ruby on Rails fanboy brigade in 3... 2... 1....
- seviyon, on 10/12/2007, -5/+1 Great newbie php-sql tutorial, thanks man.
- m00kie, on 10/12/2007, -9/+1 Ruby on Rails.
nuff said
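
The two holes Toxygene lists in the thread above (user text placed straight into the INSERT, and database text echoed straight into the page), shown beside one way to close each. This is an added example, not part of any comment or of the tutorial. It assumes PDO with an in-memory SQLite database in place of the tutorial's MySQL connection and uses bound parameters rather than the escaping approach mentioned in the thread; the function names and sample submissions are constructed for illustration.

```php
<?php
// Added example, not the tutorial's code. Assumption: PDO with an in-memory
// SQLite database stands in for the tutorial's MySQL connection.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Jokes (ID INTEGER PRIMARY KEY, JokeText TEXT, JokeDate TEXT)');

// Constructed sample submissions: plain text, an apostrophe, and markup.
$submissions = [
    'Why did the chicken cross the road?',
    "It's a knock-knock joke",
    '<b>not bold</b> & "quoted"',
];

// Hole #1 pattern (hypothetical helper): the text is interpolated into the
// statement, so a single quote in the input ends the string literal early
// and the input becomes part of the SQL itself.
function insertUnsafe(PDO $db, string $joketext): bool {
    try {
        $db->exec("INSERT INTO Jokes (JokeText, JokeDate) VALUES ('$joketext', date('now'))");
        return true;
    } catch (PDOException $e) {
        return false; // the statement no longer parses as intended
    }
}

// Fix for hole #1: a prepared statement passes the text as a bound
// parameter, so it is always treated as data and never as SQL.
function insertSafe(PDO $db, string $joketext): void {
    $stmt = $db->prepare("INSERT INTO Jokes (JokeText, JokeDate) VALUES (:text, date('now'))");
    $stmt->execute([':text' => $joketext]);
}

// Fix for hole #2: escape for the HTML context at output time, so stored
// markup is displayed as text instead of being interpreted by the browser.
function renderJoke(string $text): string {
    return '<p>' . htmlspecialchars($text, ENT_QUOTES, 'UTF-8') . "</p>\n";
}

foreach ($submissions as $s) {
    printf("unsafe insert of %s: %s\n", var_export($s, true), insertUnsafe($db, $s) ? 'ok' : 'SQL error');
}
$db->exec('DELETE FROM Jokes'); // start clean for the parameterized run
foreach ($submissions as $s) {
    insertSafe($db, $s);
}
foreach ($db->query('SELECT JokeText FROM Jokes ORDER BY ID') as $row) {
    echo renderJoke($row['JokeText']);
}
```

Run with the PHP CLI and the pdo_sqlite extension enabled. The apostrophe submission is the one to watch: it breaks the interpolated statement but is stored and displayed intact by the parameterized insert and escaped output.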

