Need modern tutorial, examples for php mysql beginner

Looking for one or two online resource sites for beginners in php using mysql. My shared web host is currently at:

PHP version       5.4.20
MySQL version       5.1.70-cll

===================================


I'm a php beginner, trying to figure how to safely and efficiently do web work with mysql database functionality.

As I search around the Internet, I find old (deprecated) solutions (such as mysql_real_escape_string) as well as new (modern) ones - but it is usually impossible to tell if I am finding modern syntax and modern best practice until I find a different site that specifically mentions deprecated code or shows a new way of thinking about best practice.

I just would like one or two good sources that include useful examples of code. If I am returning data from one record, an example looping through a recordset is probably not the best example (for instance.) Or vice-versa: if I need to loop through a recordset, then an example of returning and using a single record is not useful.

Of course, with site visitors doing input, I need to protect against sql injection, and so I think I need to also get a good understanding of protecting data passed between php pages too (for example, one page where a user is selecting a record to edit, passing the record ID to another page that shows and allows the user to edit data, then submitting to another page that does server-side validation before constructing and executing the UPDATE query).

This site shows a method to have a single page for adding, editing and deleting records. I like the idea, but don't know if this is "modern" syntax, safe from sql injection, or best practice: http://www.webmonkey.com/2010/02/php_and_mysql_tutorial_-_lesson_2/

This site seems to have some modern code, but the examples are limited:
http://www.mysqltutorial.org/php-mysql/



Here is an example of someone showing not only the use for prepared statements, but on injection vulnerability as well:
Note on the SQL injection properties of prepared statements.

Prepared statements only protect you from SQL injection IF you use the bindParam or bindValue option.

For example if you have a table called users with two fields, username and email and someone updates their username you might run

UPDATE `users` SET `user`='$var'

where $var would be the user submitted text.

Now if you did
<?php
// $var is the user-submitted text, interpolated directly into the SQL string
$a=new PDO("mysql:host=localhost;dbname=database;","root","");
$b=$a->prepare("UPDATE `users` SET user='$var'");
$b->execute();
?>

and the user had entered  User', email='test for a test the injection would occur and the email would be updated to test as well as the user being updated to User.

Using bindParam as follows
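<?php
$var="User', email='test";
$a=new PDO("mysql:host=localhost;dbname=database;","root","");
// The SQL text contains only the :var placeholder
$b=$a->prepare("UPDATE `users` SET user=:var");
// The value is bound separately from the SQL text
$b->bindParam(":var",$var);
$b->execute();
?>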

The sql would be escaped and update the username to User', email='test'

I could go on and on. You can probably see that I need a good resource to rely on, so I don't start out coding badly, using deprecated code, or creating vulnerable sites.

Your help in finding a few good online resources will be greatly appreciated!

Dennis
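
The two cases from the quoted note, together with the record-ID check described in the question, as an added example that is not part of the original post. It assumes the pdo_sqlite extension and a constructed `users` table (id, user, email) in an in-memory SQLite database instead of MySQL; case 3 shows that passing values to `execute()` as an array binds them too.

```php
<?php
// Added example, not from the original post. Assumes the pdo_sqlite extension,
// using an in-memory SQLite database in place of the poster's MySQL server.
function freshDb()
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, user TEXT, email TEXT)");
    $db->exec("INSERT INTO users VALUES (1, 'Dennis', 'dennis@example.com')"); // constructed row
    return $db;
}

function fetchUser(PDO $db, $id)
{
    $st = $db->prepare('SELECT user, email FROM users WHERE id = ?');
    $st->execute(array($id));
    return $st->fetch(PDO::FETCH_ASSOC);
}

$input = "User', email='test"; // the string from the quoted note
$rawId = '1';                  // stands in for $_POST['id'] from the edit form

// Server-side validation: the record ID must be a positive integer.
$id = filter_var($rawId, FILTER_VALIDATE_INT, array('options' => array('min_range' => 1)));
if ($id === false) {
    exit("Invalid record id\n");
}

// 1) Input interpolated into the SQL text: prepare() sees the quote as SQL syntax,
//    so the email column is rewritten along with user.
$db = freshDb();
$db->prepare("UPDATE users SET user='$input' WHERE id = $id")->execute();
var_dump(fetchUser($db, $id));

// 2) Placeholders with bindValue(): the whole string is stored as data in user.
$db = freshDb();
$st = $db->prepare('UPDATE users SET user = :user WHERE id = :id');
$st->bindValue(':user', $input, PDO::PARAM_STR);
$st->bindValue(':id', $id, PDO::PARAM_INT);
$st->execute();
var_dump(fetchUser($db, $id));

// 3) Passing the values to execute() binds them as well (each as a string).
$db = freshDb();
$st = $db->prepare('UPDATE users SET user = ?, email = ? WHERE id = ?');
$st->execute(array($input, 'dennis@example.com', $id));
var_dump(fetchUser($db, $id));
```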

dtleahy (Author) commented:
GaryC123: Excellent resource! Ray Pasaur is brilliant, and has helped me out in the past on several other issues. He must need a wheelbarrow to carry his brain.

-Dennis
Gary commented:
lol

Ray Paseur commented:
dtleahy (Author) commented:
Unfortunately, there is no letter in the English alphabet grading system above A (or at least, EE doesn't give me the option of giving an A+), so all I can do is award the points and give an "A."

But, I want to take the time to acknowledge Ray Paseur (whose last name I butchered in my comment above.) Ray, I want to offer a sincere "thank you" for all of the time and energy that you put into posting not only solutions, but more importantly, a mindset of approaching programming problems and their solutions that strives for excellence in code and a thorough approach - not just "down and dirty" solutions.

I suspect you have been inspirational to many programmers - from beginner to advanced. I know you inspire me.

I'm a dinosaur programmer... Turbo Pascal, VB6, some C, a teeny tiny bit of LISP and Python... some web stuff in VBScript against MS SQL Server. I think my advantage over a complete beginner is in RDBMS backends and having a good handle on database architecture - hey, I wrote my first app in RBase! - and a general understanding of "proper"  coding syntax and commenting. I was self-taught, and then went "back" and got a computer science degree.  So, thank you for all of the resources, and I just have to decide whether the beginning php books or the intermediate php books you mention are my best bet (to start.) Once I figure out which ones to purchase, I'll purchase a couple of them right away.

Again, my sincere thanks for such a thorough answer (even if 'generic' and I just happened to fit it perfectly. The resource you provided could have been written directly for me, and not have been any better)

Dennis
Gary commented:
"I'm a dinosaur programmer"
Woe betide you if you ever cross paths with CobolDinosaur ;o)
PortletPaul (freelancer) commented:
Indeed, plus we may even wonder about the size of that wheelbarrow...

One other wheelbarrow inspired suggestion:
AntiPHPatterns and AntiPHPractices
a very handy reference of things to avoid and things to do
(I suspect it may have in turn been inspired by the classical authors:
Constantitis, Globalomanus, Singletonia, & Godclassium)
Ray Paseur commented:
Ha!  Thanks for the points, ~Ray