Advanced Php Programming Part 4

We will be writing another PHP class to create and manage our todo.
Comments

These tutorials are great!
Been programming for a while, but it isn't until now that I start to understand classes!
Thanks.

feot

I know you made this video a while ago.. but for the people learning it will continue to last for a long time.. there are a few corrections I want to add so you don't repeat the same issues "tutlage" had.

* when using camelCase naming conventions, STICK TO YOUR PATTERN.. ex.
  at 4:26 minutes in, "function createTodo" then "function ListTodo"
  all 1st words should be lower "likeThis" or "like_this"

* also don't use plural variable names unless it is a group, or ALL variables are plural.
  use singular.. ex.    $makeSession, not $makeSessions
  or if using plural, use ALL plural, ex.  $numbers, $users, $passwords
  it makes it easier to remember when remembering var names.

* also I would NOT recommend using the "prepared statement" he does in the
  example.  it seems to be defeating the purpose of a prepared statement. the proper
  way is using...   bindParam(1, $username)  OR  bindValue(1, $username)
  so the code should look like this... (use bindParam OR bindValue)..
  THIS IS A PROPER PREPARED STATEMENT.

  $query = $this->link->prepare(
     "INSERT INTO users (username, password, ip_address, date, time)
      VALUES (?, ?, ?, ?, ?)" ); 
  $query->bindParam(1, $username, PDO::PARAM_STR);
  $query->bindParam(2, $password, PDO::PARAM_STR);
  $query->bindParam(3, $ip_address, PDO::PARAM_STR);
  $query->bindParam(4, $date, PDO::PARAM_STR);
  $query->bindParam(5, $time, PDO::PARAM_STR);
  $query->execute();
  $count = $query->rowCount();
  return $count;


* another thing.. DON'T EVER put your variables in your sql query directly. ex.
$query = "SELECT * FROM users WHERE username = '$username' ";
THAT IS NOT SAFE, prepare & sanitize ALL INCOMING DATA !!!! I cannot stress this enough.
that's more of the purpose of PDO, but still sanitize your incoming data, ALWAYS.

TerryDeSimone
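
The contrast drawn in the comment above, as an added example that is not part of the video or of the comment: the same lookup written with the variable interpolated into the SQL text and with a bound parameter, followed by the difference between bindParam() and bindValue(). The in-memory SQLite database (needs the pdo_sqlite extension), the two-column table, the rows, the function names and the input string are all constructed for illustration.

```php
<?php
// Added example: constructed table and rows in an in-memory SQLite database.
$link = new PDO('sqlite::memory:');
$link->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$link->exec("CREATE TABLE users (username TEXT, password TEXT)");
$link->exec("INSERT INTO users VALUES ('alice', 'hash-a'), ('bob', 'hash-b')");

// Constructed input containing quote characters, as a request parameter might.
$username = "nobody' OR '1'='1";

// Pattern the comment warns about: the variable becomes part of the SQL text,
// so quotes inside it are parsed as SQL syntax.
function findUserInterpolated(PDO $link, string $username): array
{
    $sql = "SELECT username FROM users WHERE username = '$username'";
    return $link->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Prepared statement: the SQL text is fixed and the value is passed separately,
// so the whole input is compared as one string.
function findUserPrepared(PDO $link, string $username): array
{
    $query = $link->prepare("SELECT username FROM users WHERE username = ?");
    $query->bindValue(1, $username, PDO::PARAM_STR);
    $query->execute();
    return $query->fetchAll(PDO::FETCH_COLUMN);
}

echo "interpolated: ", json_encode(findUserInterpolated($link, $username)), "\n";
echo "prepared:     ", json_encode(findUserPrepared($link, $username)), "\n";

// bindParam() binds the variable by reference and reads it at execute();
// bindValue() copies the value at the moment of binding.
$query = $link->prepare("SELECT username FROM users WHERE username = ?");
$name = 'alice';
$query->bindParam(1, $name, PDO::PARAM_STR);
$name = 'bob';               // changed after binding, before execute()
$query->execute();
echo "bindParam:    ", json_encode($query->fetchAll(PDO::FETCH_COLUMN)), "\n";

$query = $link->prepare("SELECT username FROM users WHERE username = ?");
$name = 'alice';
$query->bindValue(1, $name, PDO::PARAM_STR);
$name = 'bob';               // no effect: the value was already copied
$query->execute();
echo "bindValue:    ", json_encode($query->fetchAll(PDO::FETCH_COLUMN)), "\n";
```

With the constructed input, the interpolated query matches every row in the table while the prepared one matches none. The last two queries show why bindValue() is the less surprising choice when the variable may change between binding and execute().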