JeffreyWay says

A pet peeve of mine is when people continue to use the simple mysql_query for large projects. There are much better alternatives. :)

vasilios says

Using straight user data without sanitation. It’s just criminal to do.

Just use a simple clean function: http://dev-tips.com/featured/create-a-simple-input-sanitation-function-with-php

dtbaker Volunteer moderator says

> A pet peeve of mine is when people continue to use the simple mysql_query for large projects. There are much better alternatives. :)

fork(); http://codecanyon.net/forums/thread/php-database-abstraction-layer-advantages-disadvantages/29179

fredwu says

Accidental assignment within if statement:

This happens all too often, I just found one today in some code I’m fixing.

The error looks like this:

if($_REQUEST['action'] = 'delete'){  // run the delete code...

Of course, delete will run every time. This should be:

if($_REQUEST['action'] == 'delete'){  // run the delete code..

An even better practice to get into is swapping the variables around:

if('delete' == $_REQUEST['action']){  // run the delete code..

This way if you do accidentally use = instead of == you will get a PHP error.
It’s a hard practice to get into, but well worth it in the long run.

Destructive actions should not be mapped onto GET requests, so instead of using $_REQUEST, one should always stick to using $_POST.
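
Added example, not part of any post in this thread: a delete handler that combines the points raised above (POST only, constant-first strict comparison, and a PDO prepared statement instead of mysql_query). The function name `handleAction`, the `items` table, the `csrf_token` field and the in-memory SQLite database are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical handler written for this example; the request is passed in as
// arguments so the same function can be exercised with constructed input.
function handleAction(PDO $db, string $method, array $post, string $sessionToken): string
{
    // Destructive actions are accepted on POST only, so a plain link,
    // an image tag or a crawler cannot trigger a delete.
    if ('POST' !== $method) {
        return '405 method not allowed';
    }
    // Constant on the left with a strict comparison: a mistyped "=" here is
    // a parse error instead of an assignment that is always true.
    if ('delete' !== ($post['action'] ?? null)) {
        return '400 unknown action';
    }
    // POST alone does not stop cross-site form submissions, so compare a
    // per-session token in constant time (an addition beyond the thread).
    $token = $post['csrf_token'] ?? '';
    if (!is_string($token) || !hash_equals($sessionToken, $token)) {
        return '403 bad token';
    }
    // Validate the id as an integer, then bind it as a parameter rather than
    // concatenating user input into the SQL string.
    $id = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT);
    if (false === $id) {
        return '400 bad id';
    }
    $stmt = $db->prepare('DELETE FROM items WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return 1 === $stmt->rowCount() ? '200 deleted' : '404 not found';
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO items (id, name) VALUES (1, 'first'), (2, 'second')");
$tok = bin2hex(random_bytes(16)); // would be stored in $_SESSION in a real application

// Constructed requests: a GET, a POST without a token, an injection-style id, a valid delete.
echo handleAction($db, 'GET', ['action' => 'delete', 'id' => '1', 'csrf_token' => $tok], $tok), "\n";
echo handleAction($db, 'POST', ['action' => 'delete', 'id' => '1'], $tok), "\n";
echo handleAction($db, 'POST', ['action' => 'delete', 'id' => '1 OR 1=1', 'csrf_token' => $tok], $tok), "\n";
echo handleAction($db, 'POST', ['action' => 'delete', 'id' => '1', 'csrf_token' => $tok], $tok), "\n";
```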
