Return to Answer

replaced http://il1.php.net with https://www.php.net

Source Link

edited Nov 17, 2023 at 19:51

Community Bot

edited Nov 17, 2023 at 19:51

Community Bot

Okay

All of them

Don't have multiple statements on the same line like that.
Use either spaces or tabs, don't use both.
<?php something; ?> <?php somethingElse; ?> is pointless. Don't do that.
Be consistent. Sometimes you're doing funcName( $param ) and sometimes funcName($param). Pick one and stick with it.

1)

Looks good security wise. See above All of them for improving.

2)

Looks good, but too little information to know. If you haven't already, set PDO::ATTR_ERRMODE to PDO::ERRMODE_EXCEPTION and PDO::ATTR_EMULATE_PREPARES to false. See `PDO::setAttribute() .

3)

Sometimes you are redirecting to localhost, sometimes to mywebsite. Use a variable. See $_SERVER $_SERVER .
}} is horrible.

4)

Very good. Queries that don't use parameters don't need to be prepared. Note however that there's a very fine line! Every time you need a variable inside of a query, you want a prepared statement.

5)

You are vulnerable to XSS attacks on your tags. This can be prevented by escaping your tags for HTML output escaping your tags for HTML output .

6)

Look at the all of them list for details on how to improve.

All in all, you must improve your code-style. Your code is extremely unreadable and will be hard to maintain in the future.

Aside from that one XSS vulnerability, it looks good to me, but again, it's hard to tell just with the code you've given.

Okay

All of them

Don't have multiple statements on the same line like that.
Use either spaces or tabs, don't use both.
<?php something; ?> <?php somethingElse; ?> is pointless. Don't do that.
Be consistent. Sometimes you're doing funcName( $param ) and sometimes funcName($param). Pick one and stick with it.

1)

Looks good security wise. See above All of them for improving.

2)

Looks good, but too little information to know. If you haven't already, set PDO::ATTR_ERRMODE to PDO::ERRMODE_EXCEPTION and PDO::ATTR_EMULATE_PREPARES to false. See `PDO::setAttribute() .

3)

Sometimes you are redirecting to localhost, sometimes to mywebsite. Use a variable. See $_SERVER .
}} is horrible.

4)

Very good. Queries that don't use parameters don't need to be prepared. Note however that there's a very fine line! Every time you need a variable inside of a query, you want a prepared statement.

5)

You are vulnerable to XSS attacks on your tags. This can be prevented by escaping your tags for HTML output .

6)

Look at the all of them list for details on how to improve.

All in all, you must improve your code-style. Your code is extremely unreadable and will be hard to maintain in the future.

Aside from that one XSS vulnerability, it looks good to me, but again, it's hard to tell just with the code you've given.

Okay

All of them

Don't have multiple statements on the same line like that.
Use either spaces or tabs, don't use both.
<?php something; ?> <?php somethingElse; ?> is pointless. Don't do that.
Be consistent. Sometimes you're doing funcName( $param ) and sometimes funcName($param). Pick one and stick with it.

1)

Looks good security wise. See above All of them for improving.

2)

Looks good, but too little information to know. If you haven't already, set PDO::ATTR_ERRMODE to PDO::ERRMODE_EXCEPTION and PDO::ATTR_EMULATE_PREPARES to false. See `PDO::setAttribute() .

3)

Sometimes you are redirecting to localhost, sometimes to mywebsite. Use a variable. See $_SERVER .
}} is horrible.

4)

Very good. Queries that don't use parameters don't need to be prepared. Note however that there's a very fine line! Every time you need a variable inside of a query, you want a prepared statement.

5)

You are vulnerable to XSS attacks on your tags. This can be prevented by escaping your tags for HTML output .

6)

Look at the all of them list for details on how to improve.

All in all, you must improve your code-style. Your code is extremely unreadable and will be hard to maintain in the future.

Aside from that one XSS vulnerability, it looks good to me, but again, it's hard to tell just with the code you've given.

Source Link

answered Jun 24, 2014 at 7:03

Madara's Ghost

answered Jun 24, 2014 at 7:03

Madara's Ghost

4.8k
25
46

Okay

All of them

Don't have multiple statements on the same line like that.
Use either spaces or tabs, don't use both.
<?php something; ?> <?php somethingElse; ?> is pointless. Don't do that.
Be consistent. Sometimes you're doing funcName( $param ) and sometimes funcName($param). Pick one and stick with it.

1)

Looks good security wise. See above All of them for improving.

2)

Looks good, but too little information to know. If you haven't already, set PDO::ATTR_ERRMODE to PDO::ERRMODE_EXCEPTION and PDO::ATTR_EMULATE_PREPARES to false. See `PDO::setAttribute() .

3)

Sometimes you are redirecting to localhost, sometimes to mywebsite. Use a variable. See $_SERVER .
}} is horrible.

4)

Very good. Queries that don't use parameters don't need to be prepared. Note however that there's a very fine line! Every time you need a variable inside of a query, you want a prepared statement.

5)

You are vulnerable to XSS attacks on your tags. This can be prevented by escaping your tags for HTML output .

6)

Look at the all of them list for details on how to improve.

All in all, you must improve your code-style. Your code is extremely unreadable and will be hard to maintain in the future.

Aside from that one XSS vulnerability, it looks good to me, but again, it's hard to tell just with the code you've given.

lang-php