On 8/10/2009 1:20 AM, Andrea Giammarchi wrote:

So far I stopped at the first line, the constructor, where, from what I can 
read, I can spot SQL injections "everywhere".

I hope there is proper validation there, 'cause as is, it sounds truly dangerous, 
since you are not using bindParams or other PDO related techniques to avoid 
input problems.

About the rest I kinda agree with the proper model controller, rather than just 
a reader.

Regards

To: php-general@lists.php.net
Date: Wed, 7 Oct 2009 17:34:35 +1100
From: baum...@livejournal.dk
Subject: [PHP] Insult my code!

Hi there,

I'm in the process of trying to wrap my head around MVC, and as part of
that, I'm attempting to implement a super-tiny MVC framework.

I've created some mockups of how the framework might be used based
around a very simple 'bank', but I'm trying to get some feedback before
I go and implement it, to make sure I'm actually on the right track.

Any thoughts would be much appreciated!

Model - http://www.pastebin.cz/23595
Controller - http://www.pastebin.cz/23597
View - http://www.pastebin.cz/23598
Template - http://www.pastebin.cz/23599

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

                                        

The linked code was supposed to be more of a mockup than anything, with the functions a bit of filler to try and show what I'm trying to do.

With regard to the SQL injection, I try not to make the problems with my code quite so blatant. :-)
