I'm completely rewriting my first script (yay fun!) - what should be done?

[avillanu]

I'm rewriting my first script (CMS). As you can imagine, it's written like a newbie. I haven't learned OOP yet so nothing revolutionary, but I'd like to made the code cleaner and more secure. My thoughts:

 

* Anti-MySQL Injection

Use: $id = intval($_GET['id'])

What should I use regarding username/password and strings passed by the users?

* Make variables more memorable/descriptive

* Should I bother using LOCK tables? I have a basic CMS which tracks views, user ratings and such.

More info here: http://www.php-mysql-tutorial.com/mysql-update-and-delete.php

* Add indents to make code more readable.

* Should I add MySQL close connect? I see this is some tutorial examples and not in others.

* Should I use functions? something like displayTopContent(); instead of having multiple lines of code...once again this would make the code much more readable, are there any drawbacks to doing this?

 

Any other suggestions would be greatly appreciated.

[omarh2005]

Hi

there is a way,example:

$query=mysql_query("select username,password from users where username like '".$username."' and password like '".$password."' ");

regards