Looking for one or two online resource sites for beginners in php using mysql.
My shared web host is currently at:
PHP version 5.4.20
MySQL version 5.1.70-cll
I'm a php beginner, trying to figure out how to safely and efficiently do web work with mysql database functionality.
As I search around the Internet, I find old (deprecated) solutions (such as mysql_real_escape_string) as well as new (modern) ones - but it is usually impossible to tell if I am finding modern syntax and modern best practice until I find a different site that specifically mentions deprecated code or shows a new way of thinking about best practice.
I just would like one or two good sources that include useful examples of code. If I am returning data from one record, an example looping through a recordset is probably not the best example (for instance.) Or vice-versa: if I need to loop through a recordset, then an example of returning and using a single record is not useful.
Of course, with site visitors doing input, I need to protect against sql injection, and so I think I need to also get a good understanding of protecting data passed between php pages too (for example, one page where a user is selecting a record to edit, passing the record ID to another page that shows and allows the user to edit data, then submitting to another page that does server-side validation before constructing and executing the UPDATE query).
This site shows a method to have a single page for adding, editing and deleting records. I like the idea, but don't know if this is "modern" syntax, safe from sql injection, or best practice: http://www.webmonkey.com/2010/02/php_and_mysql_tutorial_-_lesson_2/
This site seems to have some modern code, but the examples are limited:
Here is an example of someone showing not only the use of prepared statements, but the injection vulnerability as well:
Note on the SQL injection properties of prepared statements.
Prepared statements only protect you from SQL injection IF you use the bindParam or bindValue option.
For example if you have a table called users with two fields, username and email and someone updates their username you might run
UPDATE `users` SET `user`='$var'
where $var would be the user submitted text.
Now if you did
$b=$a->prepare("UPDATE `users` SET user='$var'");
and the user had entered User', email='test for a test the injection would occur and the email would be updated to test as well as the user being updated to User.
Using bindParam as follows
$b=$a->prepare("UPDATE `users` SET user=:var");
$b->bindParam(":var", $var); // bind the user-submitted text to the placeholder
The sql would be escaped and update the username to User', email='test'
I could go on and on. You can probably see that I need a good resource to rely on, so I don't start out coding badly, using deprecated code, or creating vulnerable sites.
Your help in finding a few good online resources will be greatly appreciated!
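
The contrast described in the quoted note, together with the server-side check on a record ID passed between pages, as an added example that is not part of the original post. It assumes an in-memory SQLite database in place of MySQL so it runs offline (the PDO calls are the same with a `mysql:` DSN), a `users` table with an added `id` column, and hypothetical helper names `resetRow` and `fetchRow`.

```php
<?php
// Added example (not from the original post). In-memory SQLite stands in for
// MySQL so this runs offline; the PDO calls are identical with a mysql: DSN.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, user TEXT, email TEXT)");

// Hypothetical helper: put the single test row back to a known state.
function resetRow(PDO $pdo) {
    $pdo->exec("DELETE FROM users");
    $pdo->exec("INSERT INTO users (id, user, email) VALUES (1, 'alice', 'alice@example.com')");
}

// Hypothetical helper: read one record by id using a bound integer.
function fetchRow(PDO $pdo, $id) {
    $stmt = $pdo->prepare("SELECT user, email FROM users WHERE id = :id");
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetch(PDO::FETCH_ASSOC);
}

// Constructed input: the record id as it would arrive in $_POST, and the
// username string quoted in the post.
$rawId = '1';
$var   = "User', email='test";

// Server-side validation: the id must be a positive integer.
$id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
if ($id === false) {
    exit("Invalid record id\n");
}

// 1) prepare() with the value interpolated into the SQL text: the quote in
//    $var closes the string literal, the rest is parsed as SQL, and the
//    email column is overwritten as well.
resetRow($pdo);
$pdo->prepare("UPDATE users SET user='$var' WHERE id = $id")->execute();
print_r(fetchRow($pdo, $id));

// 2) Placeholders plus bound values: the input is stored as data only, so
//    email is unchanged and user holds the literal submitted text.
resetRow($pdo);
$stmt = $pdo->prepare("UPDATE users SET user = :var WHERE id = :id");
$stmt->bindValue(':var', $var, PDO::PARAM_STR);
$stmt->bindValue(':id', $id, PDO::PARAM_INT);
$stmt->execute();
print_r(fetchRow($pdo, $id));
```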