This is the login page. The same code (pattern) will be used throughout the site. Should I have to do more validation (like length of the string, is it array or string, etc.)? If there are any security issues or anything which can be done in a better way, please let me know.
My only complaint about this code is lack of a standard way of doing things. It seems you're calling functions within functions that are defined on various parts of the page. It's okay if it works, but it's a PAIN to add on to code like that.
At the very least, I think you should have your functions defined in a functions.php (or similar) type page, and require it into your script. Then code a very procedural if/else (or switch) statement. Readability of the code would improve tenfold.
To elaborate on that, you could go in a totally OO manner and create user and validation classes.
Either way would make it 10x easier to read, maintain, and update.
To me, it looks like you're trying to organize and compartmentalize your code, which is a good thing. You've taken it as far as you can. Your next step is to start learning Object Oriented Programming techniques and design patterns. Lots of good tutorials out there and it's not really complex.
I'm surprised nobody suggested his script's vulnerability to SQL injection. All input variables, at minimum, should be passed through mysql_real_escape_string() prior to being added to the query.
Jcart wrote: I'm surprised nobody suggested his script's vulnerability to SQL injection. All input variables, at minimum, should be passed through mysql_real_escape_string() prior to being added to the query.
Yeah, I was looking at the coding style and didn't even notice.
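An added example, not code from this thread (the original poster's script is not shown on the page): a login lookup that covers both the type/length question in the first post and the SQL injection point raised later. It uses PDO prepared statements rather than mysql_real_escape_string(), because the mysql_* extension was removed in PHP 7; the table, column and function names and the 64-byte limit are assumptions.

```php
<?php
// Constructed in-memory SQLite table standing in for the site's users table
// (schema, names and the sample account are assumptions for this example).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)');
$insert = $pdo->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
$insert->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

// The pattern the thread warns about: input concatenated into the SQL text.
function find_user_concatenated(PDO $pdo, $username)
{
    $sql = "SELECT id, username, password_hash FROM users WHERE username = '$username'";
    return $pdo->query($sql)->fetch(PDO::FETCH_ASSOC);
}

// Hardened lookup: reject non-strings (a form field can arrive as an array),
// bound the length, and send the value separately from the statement.
function find_user_prepared(PDO $pdo, $username)
{
    if (!is_string($username) || $username === '' || strlen($username) > 64) {
        return false;
    }
    $stmt = $pdo->prepare('SELECT id, username, password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    return $stmt->fetch(PDO::FETCH_ASSOC);
}

// Passwords are compared against a stored hash, never inside the SQL.
function login(PDO $pdo, $username, $password)
{
    $row = find_user_prepared($pdo, $username);
    return $row !== false && is_string($password)
        && password_verify($password, $row['password_hash']);
}

// Constructed input: the quote ends the string literal in the concatenated
// query, so the remainder is parsed as SQL; the placeholder keeps it as data.
$crafted = "nobody' OR '1'='1";
var_dump(find_user_concatenated($pdo, $crafted) !== false);
var_dump(find_user_prepared($pdo, $crafted) !== false);
var_dump(login($pdo, 'alice', 'correct horse'));
var_dump(login($pdo, ['alice'], 'correct horse'));
```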