What are the bad things present in the following code:
print "<ul>"
$conn = mysql_connect( "localhost:8080", "root", "admin" );
mysql_select_db( "testdb", $conn ); #selects a database
$q = " SELECT * FROM table1 WHERE id > " . $_GET["id"]. ";";
$res = mysql_query( $q, $conn);
while( $row = mysql_fetch_assoc($res) )
{
print "<li>".$row['description']."</li>";
}
print "</ul><br><ul>";
$q = " SELECT * FROM table1 WHERE id < " . $_GET["id"]. ";";
$res = mysql_query( $q, $conn);
while( $row = mysql_fetch_assoc($res) )
{
print "<li>".$row['description']."</li>";
}
print "</ul>";
as per me the bad things are:
1.) Using hardcoded values for the database connection
2.) Bad practice of using the $_GET variable without checking it for SQL injection.
3.) Should print the database value using htmlencode
4.) Should use <br/> instead of <br>
5.) Bad practice of mixing the HTML presentation layer and the database interaction layer; something like a controller
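For comparison, here is the same two-list page rewritten to address the points above. This is an added example, not code from the question: it swaps the mysql_* functions for PDO prepared statements, validates the id as an integer, escapes every value on output, and keeps the query code separate from the HTML. The table and column names come from the question; the DB_HOST, DB_NAME, DB_USER and DB_PASS environment variables are assumptions.

```php
<?php
// Added example (not part of the original question): hardened version of the snippet.
// Connection details come from environment variables (assumed names) instead of hardcoded literals.
declare(strict_types=1);

$dsn = sprintf('mysql:host=%s;dbname=%s;charset=utf8mb4',
               getenv('DB_HOST') ?: 'localhost', getenv('DB_NAME') ?: 'testdb');
$pdo = new PDO($dsn, getenv('DB_USER') ?: '', getenv('DB_PASS') ?: '', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepared statements
]);

// Validate the untrusted parameter before it goes anywhere near SQL.
// filter_input returns null when the parameter is absent and false when it is not an integer.
$id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT);
if ($id === null || $id === false) {
    http_response_code(400);
    exit('Bad request');
}

/**
 * Data layer: fetch descriptions with a parameterized query.
 * $op is chosen by the calling code from a fixed whitelist, never taken from the request.
 */
function descriptions(PDO $pdo, string $op, int $id): array
{
    if (!in_array($op, ['>', '<'], true)) {
        throw new InvalidArgumentException('unsupported operator');
    }
    $stmt = $pdo->prepare("SELECT description FROM table1 WHERE id $op :id");
    $stmt->execute([':id' => $id]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

/** Presentation layer: every database value is HTML-escaped before it is written out. */
function renderList(array $items): string
{
    $html = '<ul>';
    foreach ($items as $text) {
        $html .= '<li>' . htmlspecialchars((string) $text, ENT_QUOTES | ENT_HTML5, 'UTF-8') . '</li>';
    }
    return $html . '</ul>';
}

echo renderList(descriptions($pdo, '>', $id));
echo '<br>';
echo renderList(descriptions($pdo, '<', $id));
```

With ATTR_EMULATE_PREPARES off, the integer id travels to the server as a bound parameter rather than as text spliced into the statement, so the query text never changes shape no matter what the client sends.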