Revision by Maotzetung (talk | contribs) (→Don't) (added $_REQUEST)
Line 42: | Line 42: | ||
* Use variables from outside PHP (GET, POST, COOKIE...) in MySQL queries without cleaning them. | * Use variables from outside PHP (GET, POST, COOKIE...) in MySQL queries without cleaning them. | ||
* "Clean" above variables in place: '''$_GET['foo']=db_escape($_GET['foo'])''' is ''bad''. '''$foo_dbescaped=db_escape($_GET['foo'])''' is OK. | * "Clean" above variables in place: '''$_GET['foo']=db_escape($_GET['foo'])''' is ''bad''. '''$foo_dbescaped=db_escape($_GET['foo'])''' is OK. | ||
* | * Build URLs including Session ID (''SID should be "automagically" added by PHP with a no-cookie configuration''). | ||
* Use inline styles. Ever. | * Use inline styles. Ever. | ||
* Duplicate DOM IDs. | * Duplicate DOM IDs. |
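Review bot: the new item in the right column ("Build URLs including Session ID") gives no reason, so it reads as an arbitrary rule; a session ID placed in a URL leaks through Referer headers, proxy and server logs and shared bookmarks, which is why it belongs on the "Don't" list. Suggested wording: "* Build URLs including Session ID. An ID in the query string leaks via Referer headers, logs and bookmarks; with a no-cookie configuration let PHP's session.use_trans_sid handling append it (''SID should be "automagically" added by PHP'')." The edit summary "(added $_REQUEST)" also does not match the visible change: the hunk adds the Session ID item and $_REQUEST appears nowhere in it (the first row still lists only GET, POST, COOKIE...), so either the summary or the hunk is incomplete.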