Ravens PHP Scripts: Forums
eldorado
Involved
Joined: Sep 10, 2008
Posts: 424
Location: France, Translator

Posted: Sun Apr 26, 2009 10:57 am

evaders99 wrote:
Quote:
8. stripslashes on every form to prevent SQL injection.

Actually no. addslashes is what you want to prevent SQL injections. Better, use mysql_real_escape_string (only if using MySQL databases).

My bad, sorry. I'd better review my ongoing module.

Anyway, I'm off topic.

I can't think of anything else I've seen during my coding session apart from this bit:

if ($string == "")

to

if ("" == $string)

I'm sure I saw Raven post something about conditionals.
 
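To make the stripslashes/addslashes point above concrete, here is an added example (not code from the thread or from Nuke) that shows what each function does to a quote-bearing value before it is spliced into a query, and the prepared-statement form that never splices at all. It assumes PHP 7+ with pdo_sqlite; the table, row and input are constructed for the demo.

```php
<?php
// Added example (not from the thread): shows what stripslashes() and
// addslashes() actually do to a quote-bearing value before it is spliced into
// a query, then the prepared-statement form that never splices at all.
// Assumes PHP 7+ with pdo_sqlite; the table, row and input are constructed.

declare(strict_types=1);

// Constructed input: a perfectly legitimate name that contains a quote.
$input = "O'Brien";

// The string-built query the thread is discussing.
function build_query(string $value): string {
    return "SELECT user_id FROM nuke_users WHERE username = '$value'";
}

// stripslashes() only deletes backslashes. The quote survives and terminates
// the literal early, so whatever follows it is parsed as SQL: a malformed
// query for this input, and an injection point for a crafted one.
echo "stripslashes: ", build_query(stripslashes($input)), "\n";

// addslashes() escapes the quote so it stays inside the literal. It is not
// charset-aware, which is why mysql_real_escape_string() on the live
// connection is the better choice when the backend is MySQL, as the thread says.
echo "addslashes:   ", build_query(addslashes($input)), "\n";

// Prepared statement: the value is bound separately from the SQL text, so
// there is no escaping step to forget. SQLite is used here so it runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE nuke_users (user_id INTEGER, username TEXT)");
$db->exec("INSERT INTO nuke_users VALUES (1, 'O''Brien')");

function find_user_id(PDO $db, string $username): ?int {
    $stmt = $db->prepare("SELECT user_id FROM nuke_users WHERE username = ?");
    $stmt->execute([$username]);
    $id = $stmt->fetchColumn();
    return $id === false ? null : (int) $id;
}

echo "prepared:     user_id = ", var_export(find_user_id($db, $input), true), "\n";
```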
montego
Site Admin
Joined: Aug 29, 2004
Posts: 9457
Location: Arizona

Posted: Mon Apr 27, 2009 10:01 pm

It is just to keep you from messing up by accidentally using an assignment of "=" instead of the comparison operator "==". No other reason really.

I usually use if (empty($string)) if I also want to consider other values as "no input". See the PHP manual for what I mean... But, just remember that there is no silver bullet. "Know thy input"... "Cleanse thy input"... and then "Use thy input appropriately" (as you may need to do different things depending upon what comes next).

eldorado

Posted: Tue Apr 28, 2009 12:20 am

montego wrote:
It is just to keep you from messing up by accidentally using an assignment of "=" instead of the comparison operator "==". No other reason really.

I should have explained this ^_^.
Anyway, I think that these two should be standardized for Nuke coding and this post should be a reference for future modules posted in this section.
 
technocrat
Life Cycles Becoming CPU Cycles
Joined: Jul 07, 2005
Posts: 511

Posted: Sun May 03, 2009 10:14 am

$string == "" would create a warning and shouldn't be used. As montego said, you should be using empty().

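The following added example (not code from the thread) puts montego's and technocrat's points side by side: it runs the == "", empty() and isset() checks over a set of constructed inputs, and shows why the reversed "" == $string form turns the = / == typo into a compile-time error. It assumes PHP 7+ and that the field being validated is $_POST['name'] (a hypothetical name).

```php
<?php
// Added example (not from the thread): runs the three "is this field empty?"
// checks discussed above over a set of constructed inputs, and shows why the
// reversed "" == $string form catches the = / == typo. Assumes PHP 7+.

// Constructed sample values a form field might carry.
$samples = ['', '0', '0.0', ' ', 'abc', null];

// Reports, per sample, what each check says so the differences are visible
// side by side: == "" is a loose comparison, empty() also treats "0" as
// empty, isset() only cares whether the variable holds a non-null value.
function compare_checks(array $samples): array {
    $rows = [];
    foreach ($samples as $v) {
        $rows[] = [
            'value'   => var_export($v, true),
            '== ""'   => $v == '',
            'empty()' => empty($v),
            'isset()' => isset($v),
        ];
    }
    return $rows;
}

foreach (compare_checks($samples) as $row) {
    printf("%-6s  == \"\": %-5s  empty(): %-5s  isset(): %s\n",
        $row['value'],
        var_export($row['== ""'], true),
        var_export($row['empty()'], true),
        var_export($row['isset()'], true));
}

// Why the thread suggests writing the literal first: a dropped "=" becomes a
// compile-time error instead of a silent assignment.
//   if ($string = "") { ... }   // valid PHP: assigns "" and the branch never runs
//   if ("" = $string) { ... }   // fatal error: cannot assign to a literal

// Why empty() over == "": it raises no "Undefined index" notice when the
// field was never submitted, which $_POST['name'] == "" does.
// $_POST['name'] is a hypothetical field name used for illustration.
$name = $_POST['name'] ?? '';   // ?? (PHP 7+) also avoids the notice
$has_input = !empty($name);
```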
duck
Involved
Joined: Jul 03, 2006
Posts: 273

Posted: Wed Sep 16, 2009 10:24 am

I thought I would chime in here with an idea for the standardization topic in case it ever becomes a reality.

How about standardizing that SQL inserts MUST always be extended?

The reasoning behind this: if using extended inserts, and should fields be added to a table in future, old code is less likely to break. I mean, if current fields are dropped or altered this may not help much, but at least when wanting to add to or improve the functionality of a table with new fields we don't start breaking a bunch of other modules dependent on it.

Just something to think about when compiling your list of Do's and Don'ts for standardization or compatibility.
 
fkelly
Former Moderator in Good Standing
Joined: Aug 30, 2005
Posts: 3312
Location: near Albany NY

Posted: Wed Sep 16, 2009 12:31 pm

Duck, thank you for reminding me of this. I agree wholeheartedly. This has always bugged me about Nuke.

I assume you are talking about syntax where you have a list of values that have to be in the exact order that the fields are defined in the table. As in this horrible example:

Code:
INSERT INTO $user_prefix.`_users` VALUES (1, '', 'Anonymous', '', '', '', 'blank.gif', 'Oct 10, 2008', '', '', '', '', '', 0, 0, '', '', '', '', 10, '', 0, 0, 0, '', 0, '', '', 4096, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 10, NULL, 'english', 'D M d, Y g:i a', 0, 0, 0, NULL, 1, 1, 1, 1, 1, 1, 1, 1, 0, 3, NULL, NULL, NULL, 0, 0, 0, 0, 0, 0);


Try to figure out where a new or missing field goes in there. It would be so much nicer and more maintainable if the code said

user_id = '1'
username = 'anonymous'
... etc.

one per line. I'd like to see us "backport" (as Chloe on the TV show 24 used to say) that approach into RN as time permits.
 
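As an added example (not code from the thread or from RN) of the extended-insert rule duck proposes and fkelly's positional example illustrates, the script below builds a column-named INSERT from an associative array, adds a column to the table, and shows that the named form still works while the positional one breaks. It runs against an in-memory SQLite database through PDO and assumes PHP 7.4+ with pdo_sqlite; the table, rows and added column are constructed.

```php
<?php
// Added example (not from the thread): shows why a column-named INSERT keeps
// working after a column is added, while the positional form fkelly quotes
// breaks. Runs against an in-memory SQLite database through PDO so it is
// stand-alone; the table, rows and the added column are constructed.
// Assumes PHP 7.4+ with pdo_sqlite (SQLite accepts MySQL-style backticks).

declare(strict_types=1);

// Builds "INSERT INTO `t` (`a`, `b`) VALUES (?, ?)" from an associative array,
// so every value is tied to a column name rather than a position. Column names
// come from code, not user input, but are still validated before being quoted.
function insert_named(PDO $db, string $table, array $row): void {
    foreach (array_keys($row) as $col) {
        if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', (string) $col)) {
            throw new InvalidArgumentException("Invalid column name: $col");
        }
    }
    $cols  = implode(', ', array_map(fn($c) => "`$c`", array_keys($row)));
    $marks = implode(', ', array_fill(0, count($row), '?'));
    $stmt  = $db->prepare("INSERT INTO `$table` ($cols) VALUES ($marks)");
    $stmt->execute(array_values($row));
}

// The positional style from the thread, written against three columns.
function insert_positional(PDO $db, int $id): void {
    $db->exec("INSERT INTO nuke_users VALUES ($id, 'Anonymous', '')");
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE nuke_users (user_id INTEGER PRIMARY KEY, username TEXT, user_email TEXT)");

// Both styles work against the original three-column table.
insert_positional($db, 1);
insert_named($db, 'nuke_users', ['user_id' => 2, 'username' => 'Anonymous', 'user_email' => '']);

// A later module adds a column, the scenario duck describes.
$db->exec("ALTER TABLE nuke_users ADD COLUMN user_lang TEXT DEFAULT 'english'");

// The named insert is unaffected: the new column simply takes its default.
insert_named($db, 'nuke_users', ['user_id' => 3, 'username' => 'Anonymous', 'user_email' => '']);

// The unchanged positional insert now fails: three values for four columns.
try {
    insert_positional($db, 4);
    echo "positional insert unexpectedly succeeded\n";
} catch (PDOException $e) {
    echo "positional insert broke after the schema change: ", $e->getMessage(), "\n";
}
```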
duck

Posted: Wed Sep 16, 2009 1:09 pm

Yes, that was exactly what I was referring to, and it has always bugged me too! lol

And BTW, 24 rocks! (But last season kind of sucked, unfortunately, so I hope they do better this year.)
 