JeffreyWay says

A pet peeve of mine is when people continue to use the simple mysql_query for large projects. There are much better alternatives. :)

vasilios says

Using straight user data without sanitation. It’s just criminal to do.

Just use a simple clean function: http://dev-tips.com/featured/create-a-simple-input-sanitation-function-with-php

dtbaker Volunteer moderator says
A pet peeve of mine is when people continue to use the simple mysql_query for large projects. There are much better alternatives. :)

fork(); http://codecanyon.net/forums/thread/php-database-abstraction-layer-advantages-disadvantages/29179

fredwu says

Accidental assignment within if statement:

This happens all too often; I just found one today in some code I’m fixing.

The error looks like this:

if ($_REQUEST['action'] = 'delete') {
    // run the delete code...
}

Of course, delete will run every time. This should be:

if ($_REQUEST['action'] == 'delete') {
    // run the delete code..
}

An even better practice to get into is swapping the variables around:

if ('delete' == $_REQUEST['action']) {
    // run the delete code..
}

This way if you do accidentally use = instead of == you will get a PHP error.
It’s a hard practice to get into, but well worth it in the long run.

Destructive actions should not be mapped onto GET requests, so instead of using $_REQUEST, one should always stick to using $_POST.
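
The points in the post above (comparison instead of assignment, constant on the left, destructive actions on POST only), together with the alternative to mysql_query raised earlier in the thread, shown as an added example that is not part of any post here. The `handleRequest` function, the `items` table and the sample requests are constructed for illustration, and the code assumes PHP with the pdo_sqlite extension.

```php
<?php
declare(strict_types=1);

// Hypothetical handler: $method stands in for $_SERVER['REQUEST_METHOD'] and
// $post for $_POST, so the function can be exercised from the command line.
function handleRequest(PDO $db, string $method, array $post): string
{
    // Destructive actions are accepted on POST only; a link, image tag or
    // crawler requesting ?action=delete must not change state.
    if ('POST' !== $method) {
        return '405 method not allowed';
    }
    // Constant on the left with strict comparison: typing '=' here by
    // mistake is a parse error instead of an always-true assignment.
    if ('delete' !== ($post['action'] ?? null)) {
        return '400 unknown action';
    }
    // Validate the id instead of passing raw request data along.
    $id = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    if (false === $id) {
        return '400 bad id';
    }
    // Prepared statement in place of a string-built mysql_query() call.
    $stmt = $db->prepare('DELETE FROM items WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return 1 === $stmt->rowCount() ? '200 deleted' : '404 no such item';
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO items (name) VALUES ('first'), ('second')");

// Constructed requests: [method, body].
$requests = [
    ['GET',  ['action' => 'delete', 'id' => '1']],
    ['POST', ['action' => 'view',   'id' => '1']],
    ['POST', ['action' => 'delete', 'id' => '1 OR 1=1']],
    ['POST', ['action' => 'delete', 'id' => '1']],
];
foreach ($requests as [$method, $post]) {
    echo $method, ' ', json_encode($post), ' => ',
        handleRequest($db, $method, $post), PHP_EOL;
}
echo 'rows left: ', $db->query('SELECT COUNT(*) FROM items')->fetchColumn(), PHP_EOL;
```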
