My morning dose of code
Yesterday I had to interview two guys for a PHP job. One had about 8 years experience in programming (not just PHP) in general, one was a sysadmin. As usual, I ask interievees to solve some code excersize (in this case, save an email to the DB). That is the code that the guy with 8 years programming has written:
<?php $persone_name = $_POST["nm"]; $CityID = $_POST["ct_id"]; $message = $_POST["msg"]; $cn = mySQL_connect("127.0.0.1","root"); mysql_select_db("myDB"); mysql_query("INSERT INTO tbl_data (persone_name,city_id,message) VALUES ('" . $persone_name . "', '" .$CityID . '",'" . $message . "'"); mysql_close($cn); ?>
And here is the code that the sysadmin has written:
function save_to_db($host, $dbuser, $dbpassword, $dbname, $msg)
{
//this function saves sent by parameters data to database
$conn = new mysqli($host, $dbuser, $dbpassword, $dbname);
$id=NULL;
//preparing a query
$stmt= @$conn->prepare("INSERT INTO msg VALUES (?,? ,? ,? ,?)");
if($stmt == FALSE)
{
echo $conn->error;
$conn->close();
}
//binding data
$stmt->bind_param('sssss',$id,$msg['from'],$msg['to'],$msg['subject'],$msg['content']);
//escaping strings to prevent a SQL injections
foreach($msg as &$item) {
$item=$conn->real_escape_string($item);
}
// excuting a query
$result=@$stmt->execute();
return $msg;
}
I got that code as the first thing that I saw when I opened my mail, and that was a good way to start the day.
I don't think that I need to say who will get the job, right? And remember, the first one was written by someone with 8 years experience.
That is for the next time someone accuse me from despairing from the state of programmers on the market.

Comments
Comment preview