[thelist] What tools should I use?
Robert Gormley
robert at pennyonthesidewalk.com
Mon Sep 12 12:31:23 CDT 2005
> -----Original Message-----
> From: thelist-bounces at lists.evolt.org
> [mailto:thelist-bounces at lists.evolt.org] On Behalf Of Ian Anderson
> Sent: Tuesday, 13 September 2005 3:12 AM
> To: thelist at lists.evolt.org
> Subject: Re: [thelist] What tools should I use?
> 2. Differences in deployment on different servers; some ISPs
> have older versions of PHP and MySQL, and it really matters.
> For example, older MySQL doesn't support subqueries. It cost
> me two days to find this out when a site that worked
> perfectly on my hosting broke when ported onto the client's
> web space and a lot of SQL and PHP code had to be rewritten.
> Now I know to check the version of PHP and of MySQL before I
> start, and most importantly do a phpinfo() on the new box to
> check its setup
Definitely a prerequisite. But then again, no different from checking
ASP/IIS/SQL versions.
> 3. PHP setup varies immensely, e.g., to protect against SQL
> injection and to allow ' in form input, you should use the
> addslashes function on all content from the browser,
Ideally, you should use prepared/parameterised statements, i.e.
mysql_prepare_stmt
> including cookies, GET and POST data.
> EXCEPT, if the server has the magic quotes feature turned on,
> which does this automatically, then you must not use it!
> Because you get the escaping of ' done twice. Some ISPs have
> it on, some don't. How can you write portable code? You have
> to use a specific function to test if magic quotes is on then
> write two different versions of the code that imports any
> input from the user! It's a joke.
You're approaching it the wrong way. Use a php_ini directive to turn off
magic quoting, and then code that way, only.
> There is also much more scope for errors when learning LAMP;
> for instance, when setting up MySQL tables under PHPMyAdmin
> you are asked to specify which table types to use. Beginners
> should not be exposed to this sort of thing, and costly
> errors are very easy.
You are, but the default is MyISAM. Which is the 99% recommended table
type for default usage.
Rob
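
Added example, not part of the original message: the double escaping described in the quoted text, next to a parameterised insert of the same values. It assumes PHP with the PDO SQLite driver (an in-memory database, so it runs offline); the table name, function name and sample inputs are constructed for illustration.

```php
<?php
// Added example: users, store_and_fetch() and the inputs are hypothetical.
// PDO with in-memory SQLite is an assumption made so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');

// Insert a value through a prepared statement and read it back.
// The value travels as a bound parameter, never as part of the SQL text.
function store_and_fetch(PDO $db, string $name): string
{
    $insert = $db->prepare('INSERT INTO users (name) VALUES (:name)');
    $insert->execute([':name' => $name]);

    $select = $db->prepare('SELECT name FROM users WHERE id = :id');
    $select->execute([':id' => (int) $db->lastInsertId()]);
    return (string) $select->fetchColumn();
}

// Constructed form inputs: a name with an apostrophe and a value
// shaped like a quote-breaking injection attempt.
$samples = ["O'Brien", "x' OR '1'='1"];

foreach ($samples as $raw) {
    // Escaping applied once, as magic quotes would do automatically.
    $once = addslashes($raw);
    // Escaping applied again by the script: each backslash added in the
    // first pass is escaped too, so a stray backslash ends up in the data.
    $twice = addslashes($once);

    // Parameterised path: no escaping call at all, value stored verbatim.
    $stored = store_and_fetch($db, $raw);

    printf(
        "raw:            %s\nescaped once:   %s\nescaped twice:  %s\n" .
        "prepared round-trip identical: %s\n\n",
        $raw,
        $once,
        $twice,
        $stored === $raw ? 'yes' : 'no'
    );
}

// Both inputs were stored as plain data: exactly one row per input.
printf("rows stored: %d\n", $db->query('SELECT COUNT(*) FROM users')->fetchColumn());
```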