
Comment Re:Just teach people how to code (Score 1) 66

Saying that a user should not be able to put in html is a cop out. As a versed software engineer, you should be completely perfect with parsing data and validating it. In fact, if you have a degree from a university (which I'm assuming that you do), you should have had to deal with grammars in one of your classes. It sounds like you don't recognize the need for this, as you are most likely not what one would classify as a "web developer". That is fine, but some applications require the use of this. One very realistic example is a CMS controlled by a company. They need this type of control. Creating your own language (bbcode or wiki-code) defeats the purpose of the standards that are out there (HTML), especially to the extent that a CMS needs.

Well, you attempted to fix your problem in this response but my first statement is correct. mysql_escape_string does have some problems. You have to use mysql_real_escape_string to be sure if you are inserting binary data into the database as there can be potential injection attacks done otherwise.

If you think that most PHP developers are extremely bad, I think that you need to look around at all developers. You find really bad code in all languages, and pretty often (go to thedailywtf.com for some examples). I would hardly look at my fellow developers (you know the real ones...) building frameworks like Drupal and call them extremely bad. You can say this is a minority, but I think that you are sadly mistaken, especially if you think this "Web 2.0" thing is a hype. Wait a few more years and look at the technology that is built around the web browser (regardless of the back-end technology).

PHP has won out as the language of choice on the web, it's a fact. PHP is not what it used to be, prior to version 5.2. It is a robust language that can create very rich and scalable Internet technologies. I work with Fortune 500 companies who are completely satisfied with using PHP over Java. A "serious developer" should be comfortable in any language (whether PHP, Java, Ruby, Python, etc.). In fact a "serious" web developer must be versed in many languages, as they piece together systems in different languages.

Comment Re:Just teach people how to code (Score 2, Interesting) 66

Unfortunately you are incorrect at how easy it is to prevent these issues. In some examples, you want the input to come through as HTML that is allowed to be displayed back to the end users. An example of this is MySpace.com (or even the commenting system here). Do you remember the Samy worm that crawled through their system? The techniques you have given would not have worked. An advanced parser that validates the input is necessary to prevent that (by stripping out the bad portions of the data). I was tasked with creating such a parser for a website I worked on (emerciv.com) to prevent the XSS attacks like that from occurring (and also the problem with invalid HTML that can break page flow). Furthermore, mysql_escape_char is not the industry preferred method of preventing MySQL injection attacks as it still allows some to occur; the preferred method is to use PDO. You might want to study up on those...

Oh, and by the way, I am a software engineer (finishing up my Master of Science in Software Engineering with a focus on Knowledge and Information Engineering from the University of Michigan's Dearborn campus at the end of the summer and have been asked by the Electrical and Computer Engineering department chair to create new curriculum for the undergraduates in interactive web development, and will be teaching it as well) and I consider myself a PHP developer (amongst other languages) and take offense to that ;)
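An added example, not part of the comments above: the escaping-versus-PDO point from the two comments, shown on a numeric query where quote escaping has nothing to escape. It assumes PHP with the pdo_sqlite extension; the table, the rows, the input and the `escape_only()` helper (a hypothetical stand-in for quote-escaping functions of the mysql_real_escape_string kind) are constructed for illustration.

```php
<?php
// In-memory SQLite through PDO so the example runs offline (constructed data).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO users (id, name) VALUES (1, 'alice'), (2, 'bob'), (3, 'carol')");

// Hypothetical stand-in for quote escaping: it only neutralises the quote
// character (SQLite's rule is to double it) and does nothing else.
function escape_only(string $value): string
{
    return str_replace("'", "''", $value);
}

// Escaping approach: the value is concatenated into the SQL text, here in a
// numeric context with no surrounding quotes, so it is parsed as SQL.
function find_by_id_escaped(PDO $pdo, string $id): array
{
    $sql = 'SELECT name FROM users WHERE id = ' . escape_only($id);
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Prepared statement: the SQL text is fixed and the value is bound as data,
// so it can only ever be compared against the id column.
function find_by_id_prepared(PDO $pdo, string $id): array
{
    $stmt = $pdo->prepare('SELECT name FROM users WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed input with no quote characters: escaping leaves it unchanged.
$input = '1 OR 1=1';

echo "escaped:  ", count(find_by_id_escaped($pdo, $input)), " row(s)\n";
echo "prepared: ", count(find_by_id_prepared($pdo, $input)), " row(s)\n";
echo "prepared, id 1: ", implode(',', find_by_id_prepared($pdo, '1')), "\n";
```

The difference in row counts between the two functions for the same input is the thing to look at: in the first, the input changes the query's structure; in the second, it is only ever a value.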

Comment Re:Notepad++ runs perfectly in Linux (Score 1) 1131

I was forced to use a linux machine at work, but I could not find any comparable editor. I was using Komodo for a while, but that just didn't cut it. I did install wine and use Notepad++, but it just crashed all the time. This would happen especially often while using the FTP Synchronize add-on, so I just went back to a Windows machine so that my productivity would go back up. I hope that using wine works better for you than me.

Comment Re:Design Patterns (Score 1) 517

Design patterns are needed by those who can read, but can't write. To write code you need to be able to ... write.

I really have to question one's programming skills when they state something like this (I would almost think that one that says this would also say that there is no reason to do any requirements or design before actually beginning the coding). No matter what you are writing, you are coming up with design patterns all of the time. You might not be writing as elegant solutions as "The Gang of Four" did, but you are still coming up with re-usable bits of code that solve problems in a specific domain. Design patterns are simply solutions to design problems that are found to be reoccurring. I think that some people come across bad uses of the patterns and assume that all uses are bad.

Comment Re:Design Patterns (Score 1) 517

To become decent developer, you have to be able to figure out solution to problems yourself without consulting books.

A decent developer will refuse to refer to a book for help in solving a problem class that has been solved many times over. A great programmer will remember what he/she read in a book a while back about what to look for and how to reduce efforts. That book will not give you any answers to your problems that you will be able to cut-and-paste, rather it will give you the tools necessary to become a more competent programmer. There is more to writing good code besides knowing what the syntax of a language is.

On flip side, the only effect of design pattern application I have seen is exponential growth of code base size: piles of crap code doing nothing else but implementing the patterns, instead of actually solving the problem at hand.

I'm sorry that you have come across someone's bad code. Have you ever seen a bad implementation of a sorting algorithm and said this is so bad, and refused to ever use that algorithm again? Just because you came across a bad use of something does not mean that it is bad.

Comment Re:Design Patterns (Score 1, Informative) 517

I have to agree (it is the "gang of four"). Even if people say that patterns are overused, they are necessary if you want to reduce current and future estimates.

While working on my Master of Science degree, this book was probably the most useful book that I had to read. I applied the concepts instantly to my work, which allowed us to take on much larger projects and increase profit margins.

I should also state that it is very easy to read and has great examples to show the concept. This is really a must read for any individual who is writing software.

Comment Sweet!! (Score 2, Informative) 308

Now a whole new generation of kids can have great enjoyment from the Nintendo. It's kind of like a console hand-me-down of sorts lol.

According to the article it is a knock-off device that one of the students found in India on the streets for $12. Adding the Internet access and other necessary components most likely will not hike up the price over the OLPC.

If someone finds the company that makes those devices, I want to buy in. This could take off.
