Comments on: Flex and PHP: remoting with SabreAMF http://corlan.org/2009/03/26/flex-and-php-remoting-with-sabreamf/?utm_source=rss&utm_medium=rss&utm_campaign=flex-and-php-remoting-with-sabreamf Flex, AIR and Rock&Roll Thu, 09 Sep 2010 00:42:32 +0000 hourly 1 http://wordpress.org/?v=3.0.1 By: Babbo Maria http://corlan.org/2009/03/26/flex-and-php-remoting-with-sabreamf/comment-page-1/#comment-8481 Babbo Maria Wed, 27 Jan 2010 09:34:40 +0000 http://corlan.org/2009/03/26/flex-and-php-remoting-with-sabreamf/#comment-8481 Hey, Great article (the only one in the world), i discovered php/flex only now i ever used pear, sabre is a nice solution. Where can i find more documentation about the flex aspect because there are no example about this library. I'd like to build a simple example that non return an array of obj but a simple value (true/false) or an integer is possible with this library or i have to wrap everything in a object. Hey,
Great article (the only one in the world), i discovered php/flex only now i ever used pear, sabre is a nice solution. Where can i find more documentation about the flex aspect because there are no example about this library. I’d like to build a simple example that non return an array of obj but a simple value (true/false) or an integer is possible with this library or i have to wrap everything in a object.

]]> By: Flex and remoting with PHP, which library is the best: Zend AMF, AMFPHP, WebORB for PHP, or SabreAMF? : Mihai CORLAN http://corlan.org/2009/03/26/flex-and-php-remoting-with-sabreamf/comment-page-1/#comment-2728 Flex and remoting with PHP, which library is the best: Zend AMF, AMFPHP, WebORB for PHP, or SabreAMF? : Mihai CORLAN Tue, 31 Mar 2009 15:02:40 +0000 http://corlan.org/2009/03/26/flex-and-php-remoting-with-sabreamf/#comment-2728 [...] You’ve decided to go for remoting as the way to communicate with your PHP server, and you’re wondering which of these four libraries is the best: Zend AMF, AMFPHP, WebORB for PHP, and SabreAMF? [...] [...] You’ve decided to go for remoting as the way to communicate with your PHP server, and you’re wondering which of these four libraries is the best: Zend AMF, AMFPHP, WebORB for PHP, and SabreAMF? [...]

]]> By: Mihai Corlan http://corlan.org/2009/03/26/flex-and-php-remoting-with-sabreamf/comment-page-1/#comment-2714 Mihai Corlan Fri, 27 Mar 2009 15:46:50 +0000 http://corlan.org/2009/03/26/flex-and-php-remoting-with-sabreamf/#comment-2714 @mrm Thanks for your comment. My intention was to keep the number of lines, especially in the PHP side at a minimum. This blog post is not about how to handle a table in PHP. I assume people are already familiar with this subject. Thus no SQL escaping, no database access layer (Pear DB/ADODB/etc). But I have to agree with you, it is a bad idea to let in production code that doesn't protect you of SQL injection. @mrm

Thanks for your comment.

My intention was to keep the number of lines, especially in the PHP side at a minimum. This blog post is not about how to handle a table in PHP. I assume people are already familiar with this subject. Thus no SQL escaping, no database access layer (Pear DB/ADODB/etc).

But I have to agree with you, it is a bad idea to let in production code that doesn’t protect you of SQL injection.

]]> By: mrm http://corlan.org/2009/03/26/flex-and-php-remoting-with-sabreamf/comment-page-1/#comment-2708 mrm Fri, 27 Mar 2009 10:37:53 +0000 http://corlan.org/2009/03/26/flex-and-php-remoting-with-sabreamf/#comment-2708 65: //add new record 66: $query = "DELETE FROM authors_aut WHERE id_aut = ".$author->id_aut; Right... Also, please use sprintf + mysql_real_escape_string instead of concatenating the query string with the parameters. It's examples like these that make people oblivious to SQL injection vulnerabilities. So, instead of $query = "UPDATE authors_aut SET fname_aut='".$author->fname_aut."', lname_aut='".$author->lname_aut."' WHERE id_aut=". $author->id_aut; you can write: $query = sprintf("UPDATE authors_aut SET fname_aut='%s', lname_aut='%s' WHERE id_aut='%s'", mysql_real_escape_string($author->fname_aut), mysql_real_escape_string($author->lname_aut), mysql_real_escape_string($author->id_aut)); Safer, maintainable and easier to read. 65: //add new record
66: $query = “DELETE FROM authors_aut WHERE id_aut = “.$author->id_aut;
Right…

Also, please use sprintf + mysql_real_escape_string instead of concatenating the query string with the parameters. It’s examples like these that make people oblivious to SQL injection vulnerabilities.

So, instead of
$query = “UPDATE authors_aut SET fname_aut=’”.$author->fname_aut.”‘, lname_aut=’”.$author->lname_aut.”‘ WHERE id_aut=”. $author->id_aut;

you can write:
$query = sprintf(“UPDATE authors_aut SET fname_aut=’%s’, lname_aut=’%s’ WHERE id_aut=’%s’”, mysql_real_escape_string($author->fname_aut), mysql_real_escape_string($author->lname_aut), mysql_real_escape_string($author->id_aut));

Safer, maintainable and easier to read.

]]>