Even tutorials get it wrong



  • I was looking at a tutorial for something in PHP (I believe that it was a navigation tutorial, but can't quite remember). I scrolled down to the bottom of the page on this site, and found that maybe I should use another tutorial.

     

     



  • That's pretty good, the "Numbers can be changed to words if you want" part is pretty bad by itself too.


  • Considered Harmful

    Let's pretend to have a database by using hard-coded IDs.  We'll have all of the weaknesses and none of the benefits!

    Though, sadly, I think the person who wrote this believes that all sites are handling IDs with switch statements on the server side, and perhaps has never heard of a database.

    Errors at the bottom are good too, as is the implicitly suggested use of register globals.  This is a great WTF.



  • @joe.edwards@imaginuity.com said:

    Let's pretend to have a database by using hard-coded IDs.  We'll have all of the weaknesses and none of the benefits!

    Though, sadly, I think the person who wrote this believes that all sites are handling IDs with switch statements on the server side, and perhaps has never heard of a database.

    Errors at the bottom are good too, as is the implicitly suggested use of register globals.  This is a great WTF.

     
    It's pretty common to use a switch statement to control the pages of a site. But you basically use them to define the custom stuff like forms and such.

    switch ($id) {
        case '1':  $template = 'contact_form.php'; break;
        default:   $template = 'generic_db_content.php'; break;
    }



  • You lose 1 point for taking a screenshot when copy and paste would have done.  You also lose 110,000,000,000 points for taking it as JPG instead of PNG.



  • @Pap said:

    You lose 1 point for taking a screenshot when copy and paste would have done. You also lose 110,000,000,000 points for taking it as JPG instead of PNG.

    I thought that was a strange number of points to pick - then I realized it's pronounced "eleventy billion"



  • @Pap said:

    You lose 1 point for taking a screenshot when copy and paste would have done. You also lose 110,000,000,000 points for taking it as JPG instead of PNG.

    So that's why I see nothing.  I think my intelligent stupid-detection filter finally works right. Saved me the trouble of having to squint.



  • @Pap said:

    You lose 1 point for taking a screenshot when copy and paste would have done. You also lose 110,000,000,000 points for taking it as JPG instead of PNG.

     

    I originally took it for my friend, who complains when I send anything but .jpg as a file attachment for a picture.  I will try not to make this mistake again.



  • @BlueXero said:

    @Pap said:

    You lose 1 point for taking a screenshot when copy and paste would have done. You also lose 110,000,000,000 points for taking it as JPG instead of PNG.

     

    I originally took it for my friend, who complains when I send anything but .jpg as a file attachment for a picture.  I will try not to make this mistake again.


    Try using the ScreenGrab extension for Firefox (http://www.screengrab.org/)



  • @BlueXero said:

    @Pap said:

    You lose 1 point for taking a screenshot when copy and paste would have done. You also lose 110,000,000,000 points for taking it as JPG instead of PNG.

     

    I originally took it for my friend, who complains when I send anything but .jpg as a file attachment for a picture.  I will try not to make this mistake again.

    Tell your friend how ridiculous that is.

    And this is the only PHP tutorial worth using. (http://hudzilla.org/phpwiki/index.php?title=Main_Page)



  • @BlueXero said:

    My friend complains when I send anything but .jpg as a file attachment for a picture.

    What? 



  • Well, we all know that JPEGs are the only files that cannot contain viruses... oh ... wait...



  • IIRC the "jpeg virus" couldn't infect a machine on its own, it needed the other part of the virus to have installed itself on the machine first.



  • @Thief^ said:

    IIRC the "jpeg virus" couldn't infect a machine on its own, it needed the other part of the virus to have installed itself on the machine first.

    You're thinking of W32/Perrun. It wasn't really a jpeg virus, it was a regular proof-of-concept virus that did funny stuff with jpegs.

    There is also an exploit in the wild for security flaws in the Microsoft jpeg implementation, providing remote code execution. So far as I am aware, it has not been incorporated into a true virus, but it has been used in direct mail attacks, in trojan form. It's not considered a major threat, because for Windows hosts, a major threat is one of those self-reproducing monstrosities that can cover over 80% of the vulnerable hosts on the internet in about twenty minutes. There's no way to remotely persuade a Windows host to decode a jpeg file without user intervention, so it can't be used like that, making it only a "moderate" threat.

    We don't see major threats very often because they're bad for business: they attract press attention, so more users know about them and react to them, so the size of the botnet after 14 days is not that impressive. Modern professional virus writers prefer to avoid press attention.



  • Those who can't Teach code.
    Those who can't Code manage.
    Those who can't Manage write books.
    Those who can't Write Books consult.
    Those who can't Consult sit on their arses.
    Those who are too energetic to sit on their arses, try to Teach.
    Those who can't try to Teach ...


  • @aythun said:

    And this is the only PHP tutorial worth using. (http://hudzilla.org/phpwiki/index.php?title=Main_Page)

    In this page (http://hudzilla.org/phpwiki/index.php?title=Advanced_regular_expressions) it claims you can make $ into a normal character using preg_match("...$..."). That doesn't work; the parser sees $ and puts just $ into the string, which preg_match interprets as end-of-line. If you want to match a literal $, you'd have to either use single quotes like '$', or more backslashes like "\$". (Although since the dollar sign isn't followed by a letter so you know that the parser won't try to substitute a variable, "\$" would suffice.)




  • @Goplat said:

    @aythun said:
    And this is the only PHP tutorial worth using. (http://hudzilla.org/phpwiki/index.php?title=Main_Page)

    In this page (http://hudzilla.org/phpwiki/index.php?title=Advanced_regular_expressions) it claims you can make $ into a normal character using preg_match("...$..."). That doesn't work; the parser sees $ and puts just $ into the string, which preg_match interprets as end-of-line. If you want to match a literal $, you'd have to either use single quotes like '$', or more backslashes like "\$". (Although since the dollar sign isn't followed by a letter so you know that the parser won't try to substitute a variable, "\$" would suffice.)

    Magic quotes ftw. 



  • @dhromed said:

    @Goplat said:
    @aythun said:
    And this is the only PHP tutorial worth using. (http://hudzilla.org/phpwiki/index.php?title=Main_Page)

    In this page (http://hudzilla.org/phpwiki/index.php?title=Advanced_regular_expressions) it claims you can make $ into a normal character using preg_match("...$..."). That doesn't work; the parser sees $ and puts just $ into the string, which preg_match interprets as end-of-line. If you want to match a literal $, you'd have to either use single quotes like '$', or more backslashes like "\$". (Although since the dollar sign isn't followed by a letter so you know that the parser won't try to substitute a variable, "\$" would suffice.)

    Magic quotes ftw. 

    Magic quotes only screws up things from GET/POST/COOKIE, doesn't it? Under most circumstances a regular expression isn't any of that.

    Anyway.. you're right about the escaping, but you can just correct it. It's a wiki after all. I still think the original author is more competent than the ones writing most other tutorials.



  • Using numeric IDs for pages is ugly :P

    IMHO, if you must do this, the best approach is something like:

    <?php
    // Allow-list of page names that may be loaded.
    $valid_pages = array('index', 'contact', 'about', 'whatever');

    // Get the page we're on. If it's not a valid page, go to the index.
    $page = (!empty($_GET['page']) && in_array($_GET['page'], $valid_pages)) ? $_GET['page'] : 'index';
    // Load this page.
    require('pages/' . $page . '.php');
    ?>




    Or the approach that SMF takes (which is similar but more advanced, take a look at its index.php file).
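
The allow-list approach from the post above, as an added example (not code from the thread or from SMF): the request value is only ever used as a lookup key, so the path handed to `require` is built from fixed file names and never from request data. The page names, the `pages` directory and the `resolve_page()` helper are assumptions made for illustration.

```php
<?php
// Added example: allow-list page routing.
// Page keys, file names and the base directory are hypothetical.
const PAGES = [
    'index'   => 'index.php',
    'contact' => 'contact.php',
    'about'   => 'about.php',
];

/**
 * Map untrusted query input to a template path.
 * The input is read from an explicit array (no register_globals-style $id)
 * and is used only as a key into PAGES; unknown keys fall back to the index.
 */
function resolve_page(array $query, string $baseDir): string
{
    $page = $query['page'] ?? 'index';

    // ?page[]=x arrives as an array, so check the type before the lookup.
    // The lookup is exact and case-sensitive.
    if (!is_string($page) || !array_key_exists($page, PAGES)) {
        $page = 'index';
    }

    // Only fixed file names from PAGES are ever concatenated into the path.
    return rtrim($baseDir, '/') . '/' . PAGES[$page];
}

// Constructed sample inputs, shaped like $_GET.
$samples = [
    ['page' => 'contact'],        // known page
    [],                           // parameter missing
    ['page' => '../config'],      // path segments are not a known key
    ['page' => ['index']],        // array instead of string
    ['page' => 'Contact'],        // wrong case
    ['page' => 'about.php'],      // file name instead of key
];

foreach ($samples as $query) {
    printf(
        "%-24s => %s\n",
        json_encode($query, JSON_UNESCAPED_SLASHES),
        resolve_page($query, 'pages')
    );
}

// In a front controller: require resolve_page($_GET, __DIR__ . '/pages');
```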


