PHP is probably the most in-demand open source web development language today. More than 20 million domains are coded with PHP, and it is used for major sites like Facebook and Wikipedia and for some of the most popular open source projects, including WordPress and Drupal.
For common tasks, chances are that an existing PHP function or class already does what you need. Check the PHP manual before writing code by hand. For example, to remove white space you can just use the trim() function instead of creating a function from scratch!
Instead of scattering your database connection settings everywhere, create one master file that contains the overall settings and use it in your PHP scripts. Using a config file is a pattern that many developers follow, and it makes your code more modular and easier to maintain.
Sanitizing your database inputs is very important. You need a good understanding of what SQL injection actually is, so learn about SQL injection attacks and study an SQL injection cheat sheet.
There is a PHP function that can clean up database input for you: mysql_real_escape_string.
The function takes a regular string and sanitizes it for you. If you use it along with htmlspecialchars, which converts some reserved HTML characters, it safeguards your database and your app against cross-site scripting attacks.
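An added example (not code from the original post) of the two defences this tip describes, using PDO prepared statements in place of mysql_real_escape_string, which belonged to the old mysql extension that was removed in PHP 7.0. The in-memory SQLite database, the comments table, the function names and the sample input are all constructed for illustration, and the pdo_sqlite extension is assumed.

```php
<?php
// Added example: constructed table and input, not code from the original post.
// Assumes the pdo_sqlite extension so it runs without a database server.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, body TEXT)');

// Constructed hostile input: SQL metacharacters in the name, markup in the body.
$author = "O'Brien'); DROP TABLE comments; --";
$body   = '<script>alert(1)</script> nice post';

// Weak: concatenation lets the quote in $author end the string literal early,
// so the rest of the value is parsed as SQL. Built here only to be printed.
$unsafeSql = "INSERT INTO comments (author, body) VALUES ('$author', '$body')";

// Hardened: placeholders keep the data out of the SQL text entirely.
function saveComment(PDO $pdo, string $author, string $body): int
{
    $stmt = $pdo->prepare('INSERT INTO comments (author, body) VALUES (:author, :body)');
    $stmt->execute([':author' => $author, ':body' => $body]);
    return (int) $pdo->lastInsertId();
}

// Escape at output time, for the HTML context the value lands in.
// htmlspecialchars protects the page, not the database.
function renderComment(array $row): string
{
    $flags = ENT_QUOTES | ENT_SUBSTITUTE;
    return '<p><strong>' . htmlspecialchars($row['author'], $flags, 'UTF-8') . '</strong>: '
         . htmlspecialchars($row['body'], $flags, 'UTF-8') . '</p>';
}

$id = saveComment($pdo, $author, $body);

$stmt = $pdo->prepare('SELECT author, body FROM comments WHERE id = :id');
$stmt->execute([':id' => $id]);
$row = $stmt->fetch(PDO::FETCH_ASSOC);

echo "Concatenated query (never run):\n$unsafeSql\n\n";
echo "Stored author, unchanged: {$row['author']}\n";
echo "HTML-safe output: " . renderComment($row) . "\n";
```

The value is stored exactly as submitted and only encoded when it is written into HTML, which keeps the database free of display-specific escaping.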