[thelist] What tools should I use?

Robert Gormley robert at pennyonthesidewalk.com
Mon Sep 12 12:31:23 CDT 2005


 

> -----Original Message-----
> From: thelist-bounces at lists.evolt.org 
> [mailto:thelist-bounces at lists.evolt.org] On Behalf Of Ian Anderson
> Sent: Tuesday, 13 September 2005 3:12 AM
> To: thelist at lists.evolt.org
> Subject: Re: [thelist] What tools should I use?

> 2. Differences in deployment on different servers; some ISPs 
> have older versions of PHP and MySQL, and it really matters. 
> For example, older MySQL doesn't support subqueries. It cost 
> me two days to find this out when a site that worked 
> perfectly on my hosting broke when ported onto the client's 
> web space and a lot of SQL and PHP code had to be rewritten. 
> Now I know to check the version of PHP and of MySQL before I 
> start, and most importantly do a phpinfo() on the new box to 
> check its setup

Definitely a prerequisite. But then again, no different from checking
ASP/IIS/SQL versions.
 
> 3. PHP setup varies immensely; e.g., to protect against SQL 
> injection and to allow ' in form input, you should use the 
> addslashes function on all content from the browser, 

Ideally, you should use prepared/parameterised statements, i.e.
mysql_prepare_stmt.


> including cookies, GET and POST data. 
> EXCEPT, if the server has the magic quotes feature turned on, 
> which does this automatically, then you must not use it! 
> Because you get the escaping of ' done twice.  Some ISPs have 
> it on, some don't. How can you write portable code? You have 
> to use a specific function to test if magic quotes is on then 
> write two different versions of the code that imports any 
> input from the user! It's a joke.

You're approaching it the wrong way. Use a php_ini directive to turn off
magic quoting, and then code that way, only.
 
> There is also much more scope for errors when learning LAMP; 
> for instance, when setting up MySQL tables under PHPMyAdmin 
> you are asked to specify which table types to use. Beginners 
> should not be exposed to this sort of thing, and costly 
> errors are very easy.

You are, but the default is MyISAM. Which is the 99% recommended table
type for default usage.

Rob
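
Added example, not part of the original message or of either poster's code: the double escaping described in the quoted text, next to a parameterised query that needs no escaping call. It assumes PDO with an in-memory SQLite database as a stand-in for MySQL so it runs offline; the helper names, table and input values are constructed for illustration.

```php
<?php
// Added example. Constructed input; in-memory SQLite through PDO stands in
// for MySQL so the script runs offline (an assumption, not from the thread).

// Hypothetical helper: what a server with magic quotes on does to request data.
function simulate_magic_quotes(string $raw): string
{
    return addslashes($raw);
}

// Hypothetical helper: bind the value instead of splicing it into the SQL text.
function find_by_surname(PDO $pdo, string $surname): array
{
    $stmt = $pdo->prepare('SELECT surname FROM users WHERE surname = :surname');
    $stmt->execute([':surname' => $surname]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$raw = "O'Brien";                          // constructed form input

// The double-escaping problem from the quoted text: the server escapes once,
// then application code calls addslashes() again on the already-escaped value.
$onceEscaped  = simulate_magic_quotes($raw);
$twiceEscaped = addslashes($onceEscaped);
printf("raw: %s\nescaped once: %s\nescaped twice: %s\n", $raw, $onceEscaped, $twiceEscaped);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, surname TEXT)');

// With magic quotes off, the raw value is bound as-is; no escaping call at all.
$insert = $pdo->prepare('INSERT INTO users (surname) VALUES (:surname)');
$insert->execute([':surname' => $raw]);

// A quote inside a bound value is compared as data, not parsed as SQL.
foreach ([$raw, "x' OR '1'='1"] as $input) {
    printf("%-14s matches %d row(s)\n", $input, count(find_by_surname($pdo, $input)));
}
```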




