Rewriting my first script (yay fun!)

avillanu

I'm rewriting my first script (CMS). As you can imagine, it's written like a newbie. I haven't learned OOP yet so nothing revolutionary, but I'd like to made the code cleaner and more secure. My thoughts:

Anti-MySQL Injection
Use: $id = intval($_GET['id'])
What should I use regarding username/password and strings passed by the users?
Make variables more memorable/descriptive
Should I bother using LOCK tables? I have a basic CMS which tracks views, user ratings and such.
More info here: http://www.php-mysql-tutorial.com/mysql-update-and-delete.php
Add indents to make code more readable.
Should I add MySQL close connect? I see this is some tutorial examples and not in others.
Should I use functions? something like displayTopContent(); instead of having multiple lines of code...once again this would make the code much more readable, are there any drawbacks to doing this?

Any other suggestions would be greatly appreciated.

bpat1434

Anti-MySQL Injection
[indent]Don't forget to use [man]mysql_real_escape_string/man on strings[/indent]

Locking tables
[indent]Really, this can become a big issue if you're not careful. If you have multiple users trying to lock the table, you can run into collisions and it's something to be weary of. If you want to "lock" the data during update, possibly use InnoDB table type which can do row-level locking or use PostgreSQL[/indent]

MySQL Close
[indent]Typically you can free memory on the server by closing the connection. Although once the script is finished executing, the connection will be severed (unless you use persistent connection).[/indent]

Using Functions
[indent]Entirely up to you. Typically the more modular you make it, the easier it can be to understand, and you can eventually create one library of functions for use in any page. Then it's a matter of calling the proper functions to get the information you want.[/indent]

Any Others
[indent]I would suggest using a templating system (SMARTY, or your own flavor of template system) to help reduce differences between pages.

I'd also suggest using an outside email system (like HTMLMimeMail) as your emailer so that's one less item for you to "worry" about.[/indent]

The other options are just opinions, but it can make things better and easier to maintain sometimes.

cgraz

If you're rewriting your CMS do it in php 5 (unless you absolutely have to use PHP4). You've got built-in support for PDO extension (if configured) which will allow you to use prepared queries and protect against sql injection.

I'd recommend learning some oop before you take this on, otherwise, once you do learn oop, you'll be working on your third revision 😃