Comments
-
You should at the very least bring it up, that kind of code is a great way to get your job application thrown in the garbage bin.
-
fredrf 1523 8y
If this is just an introductory lecture I don't see much problem.
This will quickly demonstrate the concept behind the code and its relation with the DB.
Otherwise, I totally agree. This is not code to be put out there in the wild.
-
@fredrf Even if it is an introductory lecture, it's a bad idea to teach students bad practices. Those students will get real jobs one day. (The number of junior developers out there who are clueless is quite scary, and what's worse is that there is quite a large number of "senior" developers who are just as bad; that kind of code still makes it to production on a daily basis.)
-
fredrf 1523 8y
@ItsNotMyFault I totally agree with what you said.
However, my point is: first you teach the basics, and then you build on it. If this is the only way the book/teacher expects you to query the DB, this is very very wrong!
But if there are other areas where this is converted to PDO/escaped/etc. then I see no problem.
-
sudoguy 592 8y
I am afraid that this is everything we get, because we are focused on automation and control (PLCs etc.) and this subject is only some "extra" knowledge we get. But I think even if it is something like that, we should focus more on security, because this code is suicide => better to never see something like this if we don't go deeper.
-
garrettw 263 8y
@jayadev full explanation for why the code is bad:
The data in the $_POST array comes from the user's computer. This code takes the data supplied by the user and sticks it directly into the SQL statement without checking to see if it will do anything bad. The right person could make their computer send any kind of data into that $_POST array, which could do any number of bad things as part of the SQL statement.
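The pattern described above, shown as an added example that is not from the thread: the course material is PHP/MySQL, but the same lesson is written here in Python against an in-memory SQLite database so it runs stand-alone. The users table and the three form values are constructed for the example; `lookup_vulnerable` reproduces the "glue the form field into the SQL string" habit and `lookup_parameterized` is the bound-parameter form that PDO (mentioned earlier in the thread) also provides.

```python
import sqlite3

# Constructed sample rows standing in for the course's database (not from the thread).
SEED_ROWS = [("alice", "admin"), ("bob", "user"), ("carol", "user")]


def make_db():
    """In-memory SQLite database with a small, constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany("INSERT INTO users (username, role) VALUES (?, ?)", SEED_ROWS)
    return conn


def lookup_vulnerable(conn, username):
    """The textbook pattern: the form field is glued straight into the SQL text.

    Whatever the user typed becomes part of the statement's syntax, so quotes
    and operators in the input change what the query means.
    """
    sql = "SELECT username FROM users WHERE username = '" + username + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn, username):
    """The fix: the statement is fixed text and the value is bound separately.

    The driver passes the input as data, never as SQL, so a quote in the
    input is just a quote inside the string being compared.
    """
    sql = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (username,))]


def compare(username):
    """Run both lookups on the same form value and report what each returns.

    A raised sqlite3.Error is reported as the string 'error' so the two
    behaviours can be compared side by side.
    """
    conn = make_db()
    results = {}
    for name, fn in (("vulnerable", lookup_vulnerable), ("parameterized", lookup_parameterized)):
        try:
            results[name] = fn(conn, username)
        except sqlite3.Error:
            results[name] = "error"
    conn.close()
    return results


if __name__ == "__main__":
    # Constructed stand-ins for what $_POST["username"] might hold: a normal name,
    # a name containing an apostrophe, and a value that rewrites the WHERE clause.
    for value in ("bob", "o'brien", "x' OR 'a'='a"):
        print(repr(value), "->", compare(value))
```

The point to notice is the middle case: a perfectly legitimate name with an apostrophe already breaks the concatenated query (a syntax error the user sees as a 500), while the parameterized query simply returns no match. The third case shows why it matters: the same concatenation lets the input change the query's logic, whereas the bound parameter is compared as a literal string and matches nothing.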
So this is how they "teach" us in school... As a part-time dev I was completely shocked when I saw this in our materials. What do you think? Should I drop the teacher's tables to give him a lesson?
Tags: sql, injection, php, school, wk25