Joined 1 year ago
Cake day: July 21st, 2023

  • Generally I’m not against w3 schools for quickly checking the syntax of something or how to use a specific method, but I always try to stay clear of their larger code examples.

    I was learning PHP a couple years back for some hobby side projects I was working on. They provide some code here about how to connect to an SQL database. I ended up using this code for almost a year on some publicly hosted sites.

    The code they provided isn’t secure, though. It can output database errors to the client, and give away information about your database which a random user shouldn’t have access to.

    Additionally, the beginning few pages for their SQL insertion examples don’t mention anywhere that you should be using prepared statements. There is a page slightly further down, but for the average person learning the language, there’s no reason for them not to just copy parts of the extremely insecure code and use it in their projects.

    W3 schools imo is great for quickly checking up on something, but generally it’s probably better to avoid their examples and look up the language standards somewhere else.
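
The two problems raised in the comment above (database errors shown to the client, and inserts built without prepared statements) look like this once corrected. This is an added example, not part of the comment and not code from the tutorial it mentions; the `guests` table, the function names and the in-memory SQLite DSN are assumptions chosen so the script runs offline.

```php
<?php
declare(strict_types=1);

// Keep PHP's own error output away from the client as well.
ini_set('display_errors', '0');

// Assumption: PDO with in-memory SQLite; use a MySQL DSN and credentials in production.
function connect(string $dsn, ?string $user = null, ?string $pass = null): ?PDO
{
    try {
        return new PDO($dsn, $user, $pass, [
            PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_EMULATE_PREPARES => false,
        ]);
    } catch (PDOException $e) {
        // Leaky form: die("Connection failed: " . $e->getMessage());
        // The driver message can name the host, the account and the driver.
        error_log('DB connection failed: ' . $e->getMessage()); // server log only
        return null;
    }
}

function addGuest(PDO $db, string $name, string $email): int
{
    // Unsafe form: "INSERT ... VALUES ('$name', '$email')" lets input change the query.
    // With placeholders the values are bound as data and never parsed as SQL.
    $stmt = $db->prepare('INSERT INTO guests (name, email) VALUES (:name, :email)');
    $stmt->execute([':name' => $name, ':email' => $email]);
    return (int) $db->lastInsertId();
}

function guestName(PDO $db, int $id): ?string
{
    $stmt = $db->prepare('SELECT name FROM guests WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $name = $stmt->fetchColumn();
    return $name === false ? null : (string) $name;
}

$db = connect('sqlite::memory:');
if ($db === null) {
    http_response_code(500);
    exit('Service temporarily unavailable.'); // generic text, no database details
}
$db->exec('CREATE TABLE guests (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');

// Constructed input: the quote would break a concatenated query.
$id = addGuest($db, "Siobhan O'Brien", 'siobhan@example.test');
echo guestName($db, $id), PHP_EOL;
```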