Jump to content

Are These Php Scripts Correct?


Norman
 Share

Recommended Posts

I'm studying these series of articles: http://www.intranetjournal.com/articles/20..._07_06_04a.html. And I was asking myself, about the PHP code.. (those articles are dated 2004), if is there some deprecated codes. Can you please help me? Also, I don't know if is possible that something has changed in PHP over the years.. like in HTML (<br /> instead of <br>, <strong> instead of <b>, etc.).

Link to comment
Share on other sites

There is a new doctype for XHTML which stands for eXtensible HTML. Many tags are deprecated now, such as the use of <b>. The emphasis is on functional, semantic tags, styled and manipulated externally, to separate the markup from the style and functionality. Tags like <em> and <strong> are still around, because they lend meaning. If you want to make something bold just for aesthetic value, wrap it in a <span> and style the span - using a CSS class, preferably. Singleton instances, particularly as generated by a server side script, are still often styled inline, because it's more work to go and create a class in a separate document. There are also no open ended tags anymore. A <br> is now closed - <br />. This goes for images, hr, inputs...anything with an implied closing tag now ends /> to make it explicit. I don't know what has changed in PHP/JavaScript, as I've only learned on the latest versions.

Link to comment
Share on other sites

Some of the things they do are a little old-fashioned.When they create the classes with properties and a constructor, instead of doing it this way:

class DbConnector extends SystemComponent {var $theQuery;var $link;//*** Function: DbConnector, Purpose: Connect to the database ***function DbConnector(){

It should be done like this:

class DbConnector extends SystemComponent {public $theQuery;public $link;//*** Function: DbConnector, Purpose: Connect to the database ***function __construct(){

In the third part, they start using $HTTP_POST_VARS AND $HTTP_GET_VARS. That should be $_POST and $_GET instead, the $HTTP_* versions are going away. They also make a bad habit of using things from post directly in the queries, so all of those queries are vulnerable to injection attacks. They eventually set up a validator class, but the only thing that does is check if something is either a number or an email address, you need to do more than that to protect against injections.Somewhere in the 6th part they start using the ereg functions for regular expressions, the ereg functions are going away and it would be better to use the preg versions.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...