JeffreyWay
says

A pet peeve of mine is when people continue to use the simple mysql_query for large projects. There are much better alternatives. :)

vasilios
says

Using straight user data without sanitation. It’s just criminal to do.

Just use a simple clean function: http://dev-tips.com/featured/create-a-simple-input-sanitation-function-with-php
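The two posts above (JeffreyWay on mysql_query, vasilios on unsanitized input) are really about the same mistake: splicing user data into SQL text. The following is an added example, not code from the thread or from the linked dev-tips page; it uses PDO with an in-memory SQLite database so it runs offline, and the table, rows and the attacker string are constructed sample data.

```php
<?php
// Added example (not from the thread): the string-concatenation pattern the
// old mysql_query() style encourages, beside a PDO prepared statement.
// In-memory SQLite so it runs offline; table and rows are constructed data.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)");
$db->exec("INSERT INTO users (name, role) VALUES ('alice', 'admin'), ('bob', 'user')");

// Attacker-controlled input, as it might arrive in $_GET['name'] (constructed).
$input = "nobody' OR '1'='1";

// 1. Unsafe: the value becomes part of the SQL text, so the quote in the
//    input changes the query's structure and every row comes back.
$unsafe = $db->query("SELECT name FROM users WHERE name = '" . $input . "'")
             ->fetchAll(PDO::FETCH_COLUMN);
// $unsafe is ['alice', 'bob']

// 2. Safe: a prepared statement sends the value separately from the SQL text,
//    so the quote is only data and no row matches.
function findUser(PDO $db, string $name): array {
    $stmt = $db->prepare("SELECT name FROM users WHERE name = :name");
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}
$safe  = findUser($db, $input);   // []
$legit = findUser($db, 'alice');  // ['alice']

// 3. Identifiers and sort directions cannot be bound as parameters, so
//    whitelist them instead of escaping them.
function sortedUsers(PDO $db, string $col): array {
    $allowed = ['name', 'role'];
    if (!in_array($col, $allowed, true)) {
        throw new InvalidArgumentException("bad sort column");
    }
    return $db->query("SELECT name FROM users ORDER BY $col")->fetchAll(PDO::FETCH_COLUMN);
}

// 4. "Sanitizing" is context-specific: SQL escaping does nothing for HTML
//    output. Escape at the point of output, for the context you write into.
function htmlOut(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

echo htmlOut("<script>alert(1)</script>"), PHP_EOL; // &lt;script&gt;alert(1)&lt;/script&gt;
var_dump($unsafe, $safe, $legit, sortedUsers($db, 'role'));
```

Run it with `php example.php` (needs the pdo_sqlite extension). The point of parts 3 and 4 is that a single "clean everything" function cannot cover all contexts: values go through bound parameters, identifiers through a whitelist, and HTML output through htmlspecialchars.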

dtbaker
Moderator
says
A pet peeve of mine is when people continue to use the simple mysql_query for large projects. There are much better alternatives. :)

fork(); http://codecanyon.net/forums/thread/php-database-abstraction-layer-advantages-disadvantages/29179

fredwu
says

Accidental assignment within if statement:

This happens all too often, I just found one today in some code I’m fixing.

The error looks like this:

if($_REQUEST['action'] = 'delete'){  // run the delete code...

Of course, delete will run every time. This should be:

if($_REQUEST['action'] == 'delete'){  // run the delete code..

An even better practice to get into is swapping the variables around:

if('delete' == $_REQUEST['action']){  // run the delete code..

This way if you do accidentally use = instead of == you will get a PHP error.
It’s a hard practice to get into, but well worth it in the long run.

Destructive actions should not be mapped onto GET requests, so instead of using $_REQUEST, one should always stick to using $_POST.
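The post above describes three things: the assignment-in-condition bug, the reversed ("Yoda") comparison that turns the typo into a parse error, and keeping destructive actions off GET. The following is an added example and not code from the thread; it simulates $_SERVER, $_REQUEST, $_POST and the session with constructed arrays so it runs from the command line, and the session key name csrf_token is an assumption.

```php
<?php
// Added example, not code from the thread. Request and session data are
// constructed arrays standing in for $_SERVER, $_REQUEST, $_POST, $_SESSION.

// The bug from the post: a single '=' assigns, and the assigned value
// ('delete', a non-empty string) is truthy, so the branch always runs.
function buggyDispatch(array $request): string {
    if ($request['action'] = 'delete') {   // assignment, not comparison
        return 'deleted';
    }
    return 'nothing';
}

// Reversed operands: the typo ('delete' = ...) is a parse error instead of a
// silent bug. Strict comparison (===) also avoids PHP's loose type juggling.
function fixedDispatch(array $request): string {
    if ('delete' === ($request['action'] ?? '')) {
        return 'deleted';
    }
    return 'nothing';
}

// Destructive actions only on POST and only from $_POST. Restricting the
// method does not by itself stop a cross-site form post, so the handler also
// checks a CSRF token assumed to be stored in the session as 'csrf_token'
// when the form was rendered (assumption, not from the thread).
function deleteHandler(array $server, array $post, array $session): string {
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return '405 Method Not Allowed';
    }
    $expected = $session['csrf_token'] ?? '';
    $given    = $post['csrf_token'] ?? '';
    if ($expected === '' || !hash_equals($expected, $given)) {
        return '403 Forbidden';
    }
    if ('delete' === ($post['action'] ?? '')) {
        return 'deleted';
    }
    return 'nothing';
}

// Constructed requests.
$get = ['action' => 'view'];
echo buggyDispatch($get), PHP_EOL;   // deleted  (wrong: nothing asked for delete)
echo fixedDispatch($get), PHP_EOL;   // nothing

$session = ['csrf_token' => bin2hex(random_bytes(16))];
echo deleteHandler(['REQUEST_METHOD' => 'GET'],  ['action' => 'delete'], $session), PHP_EOL; // 405
echo deleteHandler(['REQUEST_METHOD' => 'POST'], ['action' => 'delete'], $session), PHP_EOL; // 403
echo deleteHandler(['REQUEST_METHOD' => 'POST'],
                   ['action' => 'delete', 'csrf_token' => $session['csrf_token']],
                   $session), PHP_EOL;                                                    // deleted
```

hash_equals is used for the token comparison so that a wrong token takes the same time to reject regardless of how many leading bytes match.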
