[thelist] [Easy as Pie] Working with a Database

David Dorward david at dorward.me.uk
Fri Jan 18 16:51:40 CST 2008

On 18 Jan 2008, at 22:25, Jon Hughes wrote:
> Third article in the series, let me know what you think:
> http://www.phazm.com/notes/easy-as-pie/easy-as-pie-working-with- 
> database
> s

I've only briefly skimmed it ... but:

With the combination of your page header, and adverts, I have to  
scroll down two full window lengths before I get to the content.

The code is vulnerable to both SQL Injection and XSS attacks (this,  
by itself, is, in my option, reason enough to remove it from the web  

Your HTML form uses XHTML syntax.

Blockquote elements can't directly contain character data in Strict  
variants of (X)HTML.

You use a while loop with a counter where a for loop would probably  
be more appropriate.

The LIMIT clause is a proprietary extension to SQL and probably  
should be avoided.

David Dorward

More information about the thelist mailing list