Cracks in the Foundation (PHP Advent)
Posted Dec 18, 2011 21:29 UTC (Sun) by oldtomas
In reply to: Cracks in the Foundation (PHP Advent)
Parent article: Cracks in the Foundation (PHP Advent)
Take SQL Injection, for instance. The database interface is one of many areas where it's FAR easier to write broken than good code in PHP
I think it's at least as much a cultural as it is a language design problem. Nowadays, PHP has prepared statements. But you don't see that used often "out in the wild". The best you get is some variations on "sql escape" which, given its interface, just can't get it right (on a short PHP stint I was horrified to see that even big frameworks like Joomla do it that way).
Then, beginning hackers copy that.
So, to "fix" PHP it would be necessary to "fix" all the code out there first, just to give beginners a chance to pick up good idioms.
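The idiom gap the comment describes, shown as an added example (not code from the article, the commenter, or Joomla): a hand-rolled "sql escape" next to a PDO prepared statement, run against an in-memory SQLite table with constructed rows. It assumes PHP 7 or later with the pdo_sqlite extension; the function names, the table and the sample input are all invented for the illustration.

```php
<?php
// Added example for this thread, not code from the article or the projects it
// mentions. Assumes PHP 7+ with pdo_sqlite. The users table and its rows are
// constructed sample data so the script runs offline.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, is_admin INTEGER)');
$pdo->exec("INSERT INTO users (id, name, is_admin) VALUES (1, 'alice', 1), (2, 'bob', 0)");

// The "sql escape" idiom. Escaping neutralises quote characters inside a
// string literal, but the escape function cannot know whether the caller
// will actually wrap the value in quotes. Here the column is numeric, so
// the developer leaves the quotes off, and the escaping has nothing to do.
function byIdEscaped(PDO $pdo, string $id): array
{
    $escaped = str_replace("'", "''", $id);               // standard SQL quote doubling
    $sql = "SELECT name FROM users WHERE id = $escaped";  // numeric context: no quotes
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Prepared statement. The value travels to the engine as data, separate from
// the query text, so there is no quoting context for the programmer to get
// wrong and nothing for an attacker's input to terminate.
function byIdPrepared(PDO $pdo, string $id): array
{
    $stmt = $pdo->prepare('SELECT name FROM users WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$benign  = '2';
$hostile = '2 OR is_admin = 1';   // constructed attacker input; contains no quote to escape

foreach ([$benign, $hostile] as $input) {
    echo "input: $input\n";
    echo "  escaped:  " . implode(', ', byIdEscaped($pdo, $input)) . "\n";
    echo "  prepared: " . implode(', ', byIdPrepared($pdo, $input)) . "\n";
}
```

With the benign input both functions return bob. With the hostile input the escaped version has dutifully doubled every quote (there were none) and then runs `WHERE id = 2 OR is_admin = 1`, returning every user including the admin, while the prepared version compares the id column against the whole string as a single value and returns no rows. That is the interface problem the comment points at: the escape call is correct for exactly one context, and the API gives the caller no way to tell it which context it is in.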