PHP The Right Way (phptherightway.com)

#1 out of total 20 PHP Tutorials and Courses / 39.9k+ views / Published March 19, 2015

submitter

Khairul Anuar
2090 points


Matthias Hogerheijde 50 points
8 years ago

Right,.. the "right way",.. and it is telling us to execute arbitrary code over the network by running "curl -s https://getcomposer.org/installer | php"... that's wrong on so many levels.

Gaurav Gupta 64815 Points

@matthias-hogerheijde You can always download the code and see what you are installing. Isn't that the same with almost everything else?

Matthias Hogerheijde 50 Points

@gaurav-gupta It is not the same, because you need a level/web of trust. The act of trusting https://getcomposer.org/installer is not wrong in and of itself, teaching people to blindly copy-paste a command that does remote-code execution is the point that I'm fussing about. We should teach everyone to *first* find out what the level of trust is they put in something. Either by looking at the code and understanding it; or by making sure others (that you trust) have. So the least you should do is explain _why_ you trust the content of https://getcomposer.org/installer _before_ you tell others to blindly run that code. Then, I can figure out if your trust in them means anything to me. If so, I'll follow your advice. If not: I need to double-check.

Again: it's not about the actual command; it's about telling people that this is normal. It shouldn't be.

Square Boat 10 Points

@gaurav-gupta @matthias-hogerheijde Yups, you're right.

Mdimran Khan016 10 points
4 years ago

basic php code

Leo Torres 10 points
5 years ago

How up to date is this?