My morning dose of code

time to read 2 min | 288 words

Yesterday I had to interview two guys for a PHP job. One had about 8 years experience in programming (not just PHP) in general, one was a sysadmin. As usual, I ask interievees to solve some code excersize (in this case, save an email to the DB). That is the code that the guy with 8 years programming has written:

	$persone_name = $_POST["nm"];
	$CityID = $_POST["ct_id"];
	$message = $_POST["msg"];
	$cn = mySQL_connect("","root");
	mysql_query("INSERT INTO tbl_data (persone_name,city_id,message) VALUES ('" .   
	                                      $persone_name . "', '" .$CityID . '",'" .  $message . "'");

And here is the code that the sysadmin has written:

function save_to_db($host, $dbuser, $dbpassword, $dbname, $msg)
	//this function saves sent by parameters data to database
	$conn = new mysqli($host, $dbuser, $dbpassword, $dbname);
	//preparing a query
	$stmt= @$conn->prepare("INSERT INTO msg VALUES (?,? ,? ,? ,?)");
	if($stmt == FALSE)
		echo $conn->error;
	//binding data
	//escaping strings to prevent a SQL injections
	foreach($msg as &$item) {
	// excuting a query
	return $msg;

I got that code as the first thing that I saw when I opened my mail, and that was a good way to start the day.

I don't think that I need to say who will get the job, right? And remember, the first one was written by someone with 8 years experience.

That is for the next time someone accuse me from despairing from the state of programmers on the market.