[thelist] [Easy as Pie] Working with a Database
David Dorward
david at dorward.me.uk
Fri Jan 18 16:51:40 CST 2008
On 18 Jan 2008, at 22:25, Jon Hughes wrote:
> Third article in the series, let me know what you think:
> http://www.phazm.com/notes/easy-as-pie/easy-as-pie-working-with-databases
I've only briefly skimmed it ... but:
With the combination of your page header, and adverts, I have to
scroll down two full window lengths before I get to the content.
The code is vulnerable to both SQL Injection and XSS attacks (this,
by itself, is, in my opinion, reason enough to remove it from the web
immediately).
Your HTML form uses XHTML syntax.
Blockquote elements can't directly contain character data in Strict
variants of (X)HTML.
You use a while loop with a counter where a for loop would probably
be more appropriate.
The LIMIT clause is a proprietary extension to SQL and probably
should be avoided.
--
David Dorward
http://dorward.me.uk/
http://blog.dorward.me.uk/
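A worked illustration of the two fixes the first point calls for, parameter binding against SQL injection and output escaping against XSS, added here as an example; it is not code from the article or from this reply, and the article's code is not quoted on this page. The `notes` table, its rows, the `search_*` and `render_*` function names and the Python/sqlite3 setup are all constructed for the example. It also shows why an interpolated query breaks on ordinary input such as a surname with an apostrophe, which is the same defect an attacker would exploit, and iterates over the result rows directly instead of using a counter.

```python
import html
import sqlite3

# Constructed sample rows standing in for whatever table the article uses.
# The third title contains markup on purpose, to show the effect of escaping.
SAMPLE_ROWS = [
    ("Easy as Pie: Forms", "Jon"),
    ("Apostrophes in names", "O'Brien"),
    ("<b>bold</b> is not a title", "Jon"),
]


def make_db():
    """Build an in-memory database with the constructed sample table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE notes (id INTEGER PRIMARY KEY, title TEXT, author TEXT)"
    )
    # executemany with placeholders: the driver binds values, never SQL text.
    conn.executemany("INSERT INTO notes (title, author) VALUES (?, ?)", SAMPLE_ROWS)
    conn.commit()
    return conn


def search_unsafe(conn, author):
    """String interpolation: the input becomes part of the SQL statement.

    Any quote character in `author` changes the statement's structure, so
    legitimate input fails and crafted input can alter the query. Kept only
    as the 'before' form.
    """
    sql = "SELECT title FROM notes WHERE author = '%s'" % author
    return [row[0] for row in conn.execute(sql)]


def search_safe(conn, author):
    """Parameter binding: `author` is passed as a value, not as SQL text."""
    cur = conn.execute("SELECT title FROM notes WHERE author = ?", (author,))
    return [row[0] for row in cur]


def unsafe_lookup_succeeds(conn, author):
    """True if the interpolated query at least parses; False on a SQL error."""
    try:
        search_unsafe(conn, author)
        return True
    except sqlite3.OperationalError:
        return False


def render_safe(titles):
    """Escape each value before placing it in HTML so stored markup is shown,
    not interpreted. Iterating over the list replaces a counter-driven loop."""
    items = "".join("<li>%s</li>" % html.escape(title) for title in titles)
    return "<ul>%s</ul>" % items


if __name__ == "__main__":
    db = make_db()
    print("interpolated query on O'Brien parses:",
          unsafe_lookup_succeeds(db, "O'Brien"))
    print("bound query on O'Brien:", search_safe(db, "O'Brien"))
    print(render_safe(search_safe(db, "Jon")))
```

Run as a script to see the interpolated query fail on the apostrophe while the bound query returns the row, and the title containing `<b>` rendered as literal text. The same pattern applies to PHP's prepared statements (PDO or mysqli) and to `htmlspecialchars()` on output.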