Hi everyone,

Just thought that it might be of use to someone starting out in PHP. A
short while ago I created some video tutorials on PHP development (on
Windows XP Pro) using Eclipse and the PHP plugin (those are free to
download).

It covers some basic PHP concepts such as form posting, etc and some MySQL
concepts such as writing an address book application.

Just thought I'd share (QuickTime H.264 encoded):
http://www.meda.co.uk/tutorials/php/

Thanks,

Martin

..oO(Martin Adams)

>Just thought that it might be of use to someone starting out in PHP. A
>short while ago I created some video tutorials on PHP development (on
>Windows XP Pro) using Eclipse and the PHP plugin (those are free to
>download).
>
>It covers some basic PHP concepts such as form posting, etc and some MySQL
>concepts such as writing an address book application.

I can't resist to write some comments about the MySQL address book
tutorial. There are some things in it that are really ugly, others
should _never_ be done, especially not in a beginner's tutorial. I admit
that some of them might not be an issue in this simple example, but
nevertheless things should be done properly right from the start.

In fact, this tutorial shows a beginner how to write an extremely
insecure application!

critical:
---------
* using the 'root' account for normal work
* not preventing SQL injection, doubling apostrophes with str_replace()
is no protection, the minimum would be mysql_real_escape_string()

dangerous:
----------
* using "SELECT MAX(id) + 1 ..." to get the next ID for a record insert:
That's a race condition.
* printing out plain MySQL error messages: This can reveal internal
details to an attacker.
* not using htmlspecialchars() when printing out DB data to a page: This
can be abused for cross-site-scripting.

ugly:
-----
* using the proprietary backticks around each identifier
* using $_REQUEST instead of $_GET or $_POST
* relying on the existance of a field value in $_REQUEST just because
it's in the HTML: Every(!) value has to be checked if it exists.
* using mysql_fetch_array() to retrieve values from a result set: This
returns all fields twice by default, which not only wastes memory, but
might also lead to errors in some cases.
* mixing all kinds of quotes and concatenation: In another tutorial you
said that you don't like embedding variables into a double-quoted
string because it might confuse you. Well, that's what syntax high-
lighting is for - it exactly shows you what is a string and what is a
variable. Instead you always use concatenation. But now tell me -
what is more confusing for a beginner:

"INSERT INTO ..." .
"`id` = " . $id . ", " .
"`name` = '" . $name . "', " .
"`email` = '" . $email . "', "

or a simple

"INSERT INTO ...
id = $id,
name = '$name',
email = '$email'"

general notes:
--------------
* braces when using print or require_once: They're not needed.

Micha