11-14-2012, 02:00 PM | #2
Fou-Lu
This is very bad practice:
Code:
    if (isset($data['username'])) {
        $this->username = mysqli_real_escape_string($data['username']);
    }
You shouldn't be storing information in an escaped format. That should be used only during a write to a MySQL database. You are using PDO though, so you shouldn't be doing anything with MySQLi if that's the intent. Binding doesn't require, nor should it be given, an escaped string, as it will corrupt the original value of the string.

This makes no sense:
PHP Code:
    public function storeFormValues($params) {
        $this->__construct($params);

I don't see the point of calling a constructor on an existing instance of an object. If you need to modify something, do so at the property level; __construct shouldn't be explicitly invoked and should only be used when instantiating a parent constructor or when implicitly called by the new keyword.
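Added example, not part of the post above or the original poster's code: a minimal class that keeps the raw username, binds it through PDO at write time, and sets properties without re-invoking the constructor, followed by a run showing that a pre-escaped value is stored with the escape character in it. The `User` class, the `users` table, the SQLite in-memory database and the use of `addslashes()` in place of `mysqli_real_escape_string()` are assumptions made so the script runs offline.

```php
<?php
// Hypothetical User class and users table; in-memory SQLite stands in for
// MySQL so the script runs offline (needs the pdo_sqlite extension).
class User
{
    public $username = null;

    public function __construct(array $data = [])
    {
        $this->storeFormValues($data);
    }

    // Assign at the property level; the constructor is never re-invoked.
    public function storeFormValues(array $params)
    {
        if (isset($params['username'])) {
            $this->username = $params['username']; // keep the raw value
        }
    }

    public function insert(PDO $pdo)
    {
        // PDO handles the bound value itself, so the caller does no escaping.
        $stmt = $pdo->prepare('INSERT INTO users (username) VALUES (:username)');
        $stmt->bindValue(':username', $this->username, PDO::PARAM_STR);
        $stmt->execute();
    }
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (username TEXT)');

$input = "O'Brien"; // constructed sample input

// Raw value kept in the object and bound at write time.
(new User(['username' => $input]))->insert($pdo);

// The mistake discussed above, simulated: escape first, then bind.
// addslashes() is a stand-in for mysqli_real_escape_string(),
// which needs a live MySQL link.
(new User(['username' => addslashes($input)]))->insert($pdo);

// Print both stored rows to compare what actually reached the table.
foreach ($pdo->query('SELECT username FROM users') as $row) {
    echo $row['username'], PHP_EOL;
}
```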