Thanks for the response
Posted Dec 28, 2006 5:37 UTC (Thu) by jake (editor, #205)
In reply to: Thanks for the response by denials
Parent article: The state of PHP security
Upon further reflection, the title, which I did suggest, is not an accurate representation of the contents.
PHP 5.2 and 6 are all well and good and I applaud the PHP team for whatever strides they have made security-wise. As I said, it would probably make a nice article. Unfortunately, many apps and hosting sites still only support earlier versions of PHP, some dating from 2002, perhaps. This is, of course, not the fault of the PHP team, but it might have been avoided by taking some of the steps you describe a bit earlier in the development of the language.
I get tired as well of reading SQL injection, XSS, remote file include and other vulnerabilities in PHP apps, in many cases written by people who are trying to get it right. Perhaps my weariness with all of that crept into the article more than it should have.
I appreciate your comments, thanks ...
jake