amyvernonJan 13, 2009
totally teaching myself all this stuff right now; can use all the tips I can get... thanks.
spyder638Jan 13, 2009
When I click watch video it sends me to a page of a goatse...... What the f**k?
pnpbiosJan 14, 2009
mysqli has been around since PHP 5. I can't believe people are still TEACHING raw queries. Parameterized queries and prepared statements are infinitely safer than quote escaping and slash stripping. PHP has a legacy of horrible security vulnerabilities. This 'tutorial' merely enforces that.
bigpunJan 14, 2009
How the hell can you have written a PHP app without declaring variables?! What exactly do you do with PHP? Not writing classes, or functions - fair enough, as a lot of beginners don't tend to (I do recommend you read up on proper OOP as it will save you a lot of time and it'll ensure you're writing good, reusable code)
bigpunJan 14, 2009
Well, going by this article - I can see why you might think PHP isn't a great language - but it's purely down to the poor practices used. You can have persistent connections with PHP, and you don't need to declare a connection to the db every time you wish to run a query. With a well written db class, you could declare a connection to the db, and run as many queries as you like (then close the connection).
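An added example (not the tutorial's code and not either commenter's) putting the two points above together: one mysqli connection held in a small db class, with every query sent as a prepared statement instead of spliced-together SQL. The table and column names (pages, slug, title, body) and the connection settings are assumptions for illustration.

```php
<?php
// Added example: a minimal db class that opens one mysqli connection and
// runs all queries as prepared statements. Schema and credentials are assumed.
declare(strict_types=1);

final class Db
{
    private mysqli $conn;

    public function __construct(string $host, string $user, string $pass, string $name)
    {
        // Throw on errors instead of returning false, so failures are not silently ignored.
        mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
        $this->conn = new mysqli($host, $user, $pass, $name);
        // Escaping-based code depends on the connection charset being right;
        // prepared statements do not, but set it anyway so data round-trips intact.
        $this->conn->set_charset('utf8mb4');
    }

    /** Run a parameterised SELECT; $params are bound by the driver, never interpolated. */
    public function select(string $sql, string $types = '', array $params = []): array
    {
        $stmt = $this->conn->prepare($sql);
        if ($params !== []) {
            $stmt->bind_param($types, ...$params);
        }
        $stmt->execute();
        $rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC); // needs mysqlnd
        $stmt->close();
        return $rows;
    }

    public function close(): void
    {
        $this->conn->close();
    }
}

// The raw-query style the thread objects to: request data spliced into the SQL text.
// addslashes()/quote escaping only papers over it; query and data are still mixed.
// $rows = $conn->query("SELECT title, body FROM pages WHERE slug = '" . addslashes($_GET['slug']) . "'");

// Prepared-statement version: the SQL is fixed, the slug travels as a bound value.
$db = new Db('localhost', 'cms_user', 'secret', 'cms');
$page = $db->select('SELECT title, body FROM pages WHERE slug = ? LIMIT 1', 's', [$_GET['slug'] ?? '']);
// ...run as many further queries as needed on the same connection...
$db->close();
```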
hawkeye22Jan 14, 2009
Thank you both :)
shinkouJan 15, 2009
@covertbadger No, none of them is mission critical. They are important to the community, as we all know, but they are not mission critical if you compare with those online banking websites. High-end? Facebook may be a high-end website, but Wikipedia and Digg, no, it was because they don't need to be. And in contrast, low-end websites are often (if not always) more reliable and tend to have fewer security vulnerabilities. Btw, don't take me wrong for what I've said. I love PHP for doing simple website backends, because it's very handy. But for those bigger projects I have followed so far which are coded in PHP, performance (without accelerator) and maintenance are just not as good as other alternatives.
covertbadgerJan 23, 2009
"So by your definition of "high-end", Walmart.com is a more "high-end" website than Digg?" Er, yes. By miles. Digg might have more nerd-credibility, but it's just a fricking message board with scoring. Hell, my old .slrnrc file used to rank and sort usenet groups according to my own preferences and history (people I replied to directly would be upmodded) - Digg is basically the same thing aggregated across the userbase, with a lick of web-2.0 paint. In fact, if I hadn't been posting on Digg, I wouldn't even have included it in my list.
aksivalJan 31, 2009
This is a great article but (yes, there is always a "but") most folks don't realize that there are major security risks that beginner developers inevitably open up. I'm not saying that getting started is a bad idea, but please don't expect to read this article and then build a "production ready" CMS for your clients. If you're looking to learn the basics of how to get started, this is a good conceptual read. If you're looking to find a quick solution to content management (especially for a client), I strongly recommend NOT doing it yourself unless you are an experienced developer and very conscious of website security. I've seen far too many people's websites get compromised (oftentimes unnoticed for months) where someone installs a back door through a vulnerability on a home grown CMS and starts their own spam site in a subdirectory that no one ever looks at. Most "hackers" these days aren't looking to get into your websites to destroy them -- they're looking to use them as hubs to publish and relay spam (and phishing) pages. A better solution for people with little to no development experience is to find a CMS that suits your need. You could try something like WordPress (http://wordpress.com/) to start with. Or, if you want to edit a website that's already been created, you can use a remotely-hosted system like Surreal CMS (http://surrealcms.com), which is ready to use in a matter of minutes.
findhostcouponsMar 22, 2009
I am a PHP beginner, thanks for your story submitted! I will reread this story once I begin to build my first admin panel!
skifordwilkesDec 31, 2009
"The demo has been removed." <-- Yeah like, duh! If you learn one thing from this tutorial it's, 'Don't hire Jason Lengstorf'. LOL