Need modern tutorial, examples for php mysql beginner

Looking for one or two online resource sites for beginners in php using mysql. My shared web host is currently at:

PHP version       5.4.20
MySQL version       5.1.70-cll


I'm a php beginner, trying to figure how to safely and efficiently do web work with mysql database functionality.

As I search around the Internet, I find old (deprecated) solutions (such as mysql_real_escape_string) as well as new (modern) ones - but it is usually impossible to tell if I am finding modern syntax and modern best practice until I find a different site that specifically mentions deprecated code or shows a new way of thinking about best practice.

I just would like one or two good sources that include useful examples of code. If I am returning data from one record, an example looping through a recordset is probably not the best example (for instance.) Or vice-versa: if I need to loop through a recordset, then an example of returning and using a single record is not useful.

Of course, with site visitors doing input, I need to protect against sql injection, and so I think I need to also get a good understanding of protecting data passed between php pages too (for example, one page where a user is selecting a record to edit, passing the record ID to another page that shows and allows the user to edit data, then submitting to another page that does server-side validation before constructing and executing the UPDATE query).

This site shows a method to have a single page for adding, editing and deleting records. I like the idea, but don't know if this is "modern" syntax, safe from sql injection, or best practice:

This site seems to have some modern code, but the examples are limited:

Here is an example of someone showing not only the use for prepared statements, but on injection vulnerability as well:
Note on the SQL injection properties of prepared statements.

Prepared statements only protect you from SQL injection IF you use the bindParam or bindValue option.

For example if you have a table called users with two fields, username and email and someone updates their username you might run

UPDATE `users` SET `user`='$var'

where $var would be the user submitted text.

Now if you did
$a=new PDO("mysql:host=localhost;dbname=database;","root","");
$b=$a->prepare("UPDATE `users` SET user='$var'");

and the user had entered  User', email='test for a test the injection would occur and the email would be updated to test as well as the user being updated to User.

Using bindParam as follows
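$var="User', email='test";
$a=new PDO("mysql:host=localhost;dbname=database;","root","");
$b=$a->prepare("UPDATE `users` SET user=:var");
// Bind the user-supplied value to the :var placeholder, then run the statement
$b->bindParam(":var",$var);
$b->execute();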

The sql would be escaped and update the username to User', email='test'

I could go on and on. You can probably see that I need a good resource to rely on, so I don't start out coding badly, using deprecated code, or creating vulnerable sites.

Your help in finding a few good online resources will be greatly appreciated!

Ray Paseur Commented:
dtleahy (Author) Commented:
GaryC123: Excellent resource! Ray Pasaur is brilliant, and has helped me out in the past on several other issues. He must need a wheelbarrow to carry his brain.


dtleahy (Author) Commented:
Unfortunately, there is no letter in the English alphabet grading system above A (or at least, EE doesn't give me the option of giving an A+), so all I can do is award the points and give an "A."

But, I want to take the time to acknowledge Ray Paseur (whose last name I butchered in my comment above.) Ray, I want to offer a sincere "thank you" for all of the time and energy that you put into posting not only solutions, but more importantly, a mindset of approaching programming problems and their solutions that strives for excellence in code and a thorough approach - not just "down and dirty" solutions.

I suspect you have been inspirational to many programmers - from beginner to advanced. I know you inspire me.

I'm a dinosaur programmer... Turbo Pascal, VB6, some C, a teeny tiny bit of LISP and Python... some web stuff in VBScript against MS SQL Server. I think my advantage over a complete beginner is in RDBMS backends and having a good handle on database architecture - hey, I wrote my first app in RBase! - and a general understanding of "proper"  coding syntax and commenting. I was self-taught, and then went "back" and got a computer science degree.  So, thank you for all of the resources, and I just have to decide whether the beginning php books or the intermediate php books you mention are my best bet (to start.) Once I figure out which ones to purchase, I'll purchase a couple of them right away.

Again, my sincere thanks for such a thorough answer (even if 'generic' and I just happened to fit it perfectly. The resource you provided could have been written directly for me, and not have been any better)

I'm a dinosaur programmer
Woe betide you if you ever cross paths with CobolDinosaur ;o)
Indeed, plus we may even wonder about the size of that wheelbarrow...

One other wheelbarrow inspired suggestion:
AntiPHPatterns and AntiPHPractices
a very handy reference of things to avoid and things to do
(I suspect it may have in turn been inspired by the classical authors:
Constantitis, Globalomanus, Singletonia, & Godclassium)
Ray Paseur Commented:
Ha!  Thanks for the points, ~Ray
Question has a verified solution.
