Created
February 16, 2012 03:23
-
-
Save robballou/1841465 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| $names = 'Jeff'; | |
| // if User() is a class, this will be an error since classes are not callable. If it | |
| // is a class then it would be "new User();" | |
| $user = User(); | |
| // $names is not iterable, so this will error out | |
| foreach($names as $name) | |
| { | |
| // couple issues here: | |
| // 1. syntax would run an SQL query with the literal string $name in the query | |
| // (instead of interpolating the $name variable because of the single quotes) | |
| // 2. not an error (and this is a bit dependent on abstraction layer), but $name | |
| // should be escaped or included as a parameter for use in a statement to avoid potential | |
| // SQL injection | |
| DB::run_query('select id from user where first_name = "$name"'); | |
| $id = DB::get_result(); | |
| // see the other comment about User() above | |
| $user = User($id); | |
| // syntax error with the single quote in the single-quoted string. Use a \' if necessary | |
| // or change to double quotes | |
| print 'User's full name is ' . $user->first_name . ' ' . $user->last_name; | |
| } | |
| ?> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment