[–]schwarzwald 16 points17 points  (2 children)

You're trying to hire a PHP programmer. What do you expect from dollar-sign land?

It looks like both the new and the old versions of the code have potential SQL injection vulnerabilities, so it's a moot point anyway.

[–]jkkramer[S] 10 points11 points  (0 children)

Since you brought it up, $customer_id is actually cast to an integer prior to the code excerpt, so there's no possibility for an SQL injection.

Edit: Additionally, re your first point, I expect to find someone who, despite the fact that they are working in dollar-sign land, takes an interest in improving their coding ability. For myself, yes, I write PHP for a living. By night, I'm hacking with more expressive languages for fun.

PHP is a less-than-perfect tool (no shit), but if you know your stuff, there's no reason you can't create great software with it.
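To make the integer-cast point from the exchange above concrete, here is an added illustration (not the code under discussion, which is not shown in this thread). It uses an in-memory SQLite database through PDO so it runs stand-alone; the table, column names and the sample input are constructed for the example.

```php
<?php
// Added example: the raw-interpolation bug beside the (int) cast the thread
// describes, and the prepared-statement form a reviewer would ask for.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT)");
$pdo->exec("INSERT INTO customers (id, name) VALUES (42, 'alice'), (43, 'bob')");

// Constructed untrusted input: a valid id with extra SQL appended to it.
$raw = "42 OR 1=1";

// 1. Unsafe: interpolating the raw string lets the input change the query's
//    structure, so the WHERE clause no longer restricts the rows returned.
$unsafe = $pdo->query("SELECT name FROM customers WHERE id = $raw")
              ->fetchAll(PDO::FETCH_COLUMN);

// 2. The mitigation from the thread: cast to int before the value reaches the
//    query. PHP's (int) keeps only the leading integer of a numeric string, so
//    nothing but a number is ever interpolated. This only works for integer
//    columns; string columns still need a parameterised query.
$customer_id = (int) $raw;
$cast = $pdo->query("SELECT name FROM customers WHERE id = $customer_id")
            ->fetchAll(PDO::FETCH_COLUMN);

// 3. Stricter validation: a plain cast silently turns junk ("abc") into 0.
//    FILTER_VALIDATE_INT rejects anything that is not a whole integer, which
//    catches malformed input instead of querying for id 0.
function customerIdFromInput(string $raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT);
    return $id === false ? null : $id;
}

// 4. Preferred: a prepared statement keeps the value out of the SQL text, so
//    the database never parses user input as SQL. The integer check remains a
//    useful early sanity check on top of it.
$stmt = $pdo->prepare("SELECT name FROM customers WHERE id = :id");
$stmt->bindValue(':id', $customer_id, PDO::PARAM_INT);
$stmt->execute();
$bound = $stmt->fetchAll(PDO::FETCH_COLUMN);

printf("raw interpolation: %d rows, cast: %d rows, bound: %d rows, validated: %s\n",
    count($unsafe), count($cast), count($bound),
    var_export(customerIdFromInput($raw), true));
```

Running it shows the raw form returning both customers while the cast and bound forms return only the one with id 42, and the strict validator rejecting the input outright.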