this post was submitted on 21 Aug 2023
1063 points (98.2% liked)

Programmer Humor

19701 readers
151 users here now

Welcome to Programmer Humor!

This is a place where you can post jokes, memes, humor, etc. related to programming!

For sharing awful code theres also Programming Horror.

Rules

founded 1 year ago
MODERATORS
 
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 2 points 1 year ago

Generally I'm not against w3 schools for quickly checking the syntax of something or how to use a specific method, but I always try stay clear of their larger code examples.

I was learning PHP a couple years back for some hobby side projects I was working on. They provide some code here about how to connect to an SQL database. I ended up using this code for almost a year on some publicly hosted sites.

The code they provided isn't secure, though. It can output database errors to the client, and give away information about your database which a random user shouldn't have access to.

Additionally, the beginning few pages for their SQL insertion examples doesn't mention anywhere that you should be using prepared statements. There is a page slightly further down, but for the average person learning the language, there's no reason for them not to just copy parts the extremely insecure code and use it in their projects.

W3 schools imo is great for quickly checking up on something, but generally it's probably better to avoid their examples and look up the language standards somewhere else.