Merge branch 'gh-pages' of git://github.com/eoconnell/php-the-right-way into gh-pages

_includes/databases.md

@@ -6,17 +6,21 @@ More importantly, `PDO` allows you to safely inject foreign input (e.g. IDs) int
 
 Let's assume a PHP script receives a numeric ID as a query parameter. This ID should be used to fetch a user record from a database. This is the `wrong` way to do this:
 
+{% highlight php %}
     <?php
     $pdo = new PDO('sqlite:users.db');
     $pdo->query("SELECT name FROM users WHERE id = " . $_GET['id']); // <-- NO!
+{% endhighlight %}
 
 This is terrible code. You are inserting a raw query parameter into a SQL query. This will get you hacked in a heartbeat. Instead, you should sanitize the ID input using PDO bound parameters.
 
+{% highlight php %}
     <?php
     $pdo = new PDO('sqlite:users.db');
     $stmt = $pdo->prepare('SELECT name FROM users WHERE id = :id');
     $stmt->bindParam(':id', filter_input(INPUT_GET, 'id', FILTER_SANITIZE_NUMBER_INT), PDO::PARAM_INT);
     $stmt->execute();
+{% endhighlight %}
 
 This is correct code. It uses a bound parameter on a PDO statement. This escapes the foreign input ID before it is introduced to the database preventing potential SQL injection attacks.
 

_includes/dependency-management.md

@@ -40,19 +40,26 @@ When you come across documentation that states to run Composer as `php composer.
 
 First, create a `composer.json` file in the same directory as `composer.phar`. Here's an example that lists [Twig][2] as a project dependency.
 
+{% highlight json %}
     {
         "require": {
             "twig/twig": ">=1.8.0,<2.0-dev"
         }
     }
+{% endhighlight %}
 
 Next, run this command from your project root directory.
 
+{% highlight bash %}
     > php composer.phar install
+{% endhighlight %}
 
 This will download and install the project dependencies into a `vendors/` directory. Next, add this line to your application's primary PHP file; this will tell PHP to use Composer's autoloader for your project dependencies.
 
+{% highlight php %}
+<?php
     require 'vendor/autoload.php';
+{% endhighlight %}
 
 Now you can use your project dependencies, and they'll be autoloaded on demand.
 

_includes/language-highlights.md

@@ -47,27 +47,33 @@ CLI PHP programs are powerful because you can use your app's code directly witho
 
 Try running PHP from your command line:
 
+{% highlight bash %}
     > php -i
+{% endhighlight %}
 
 The `-i` option will print your PHP configuration just like the [`phpinfo`][phpinfo] function. There are a number of other useful [command line options][cli-options], too.
 
 Let's write a simple "Hello, $name" CLI program. To try it out, create a file named `hello.php`, as below.
 
+{% highlight php %}
     <?php
     if($argc != 2) {
         die("Usage: php hello.php [name].\n");
     }
     $name = $argv[1];
     echo "Hello, $name\n";
+{% endhighlight %}
 
 PHP sets up two special variables based on the arguments your script is run with. [`$argc`][argc] is an integer variable containing the argument *count* and [`$argv`][argv] is an array variable containing each argument's *value*. The first argument is always the name of your PHP script file, in this case `hello.php`.
 
 To run our script, above, from the command line:
 
+{% highlight bash %}
     > php hello.php
     Usage: php hello.php [name]
     > php hello.php world
     Hello, world
+{% endhighlight %}
 
 
  * [Learn about running PHP from the command line][php-cli]