Thanks for the response
Posted Dec 28, 2006 5:37 UTC (Thu) by jake (editor, #205). In reply to: Thanks for the response by denials
Parent article: The state of PHP security
Upon further reflection, the title, which I did suggest, is not an accurate representation of the contents.
PHP 5.2 and 6 are all well and good and I applaud the PHP team for whatever strides they have made security-wise. As I said, it would probably make a nice article. Unfortunately, many apps and hosting sites still only support earlier versions of PHP, some dating from 2002, perhaps. This is, of course, not the fault of the PHP team, but it might have been avoided by taking some of the steps you describe a bit earlier in the development of the language.
I get tired as well of reading SQL injection, XSS, remote file include and other vulnerabilities in PHP apps, in many cases written by people who are trying to get it right. Perhaps my weariness with all of that crept into the article more than it should have.
I appreciate your comments, thanks ...
jake
Posted Jan 4, 2007 9:40 UTC (Thu) by appie (guest, #34002)
And remember to revisit the excellent (!) online PHP manual plus comments every now and then to check for new and improved features.
With regard to SQL injections, if you don't use an abstraction layer and are using postgresql (applause! :-) be sure to use:
pg_query_params()
http://www.php.net/manual/en/function.pg-query-params.php
It's available since PHP 5.1.
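The point appie makes above, worked through as an added example (this is not code from the comment thread or from the PHP manual): the same lookup written with string interpolation and with pg_query_params(), plus the one case placeholders do not cover. The connection string, the `users` table and its columns are assumptions made for the illustration.

```php
<?php
// Added example, not from the original thread. Assumes a PostgreSQL
// connection string in $dsn (placeholder values) and a hypothetical
// table users(id int, email text, active bool).

$dsn  = 'host=localhost dbname=app user=app password=CHANGEME';
$conn = pg_connect($dsn);
if ($conn === false) {
    die("connection failed\n");
}

// VULNERABLE: $email is spliced into the SQL text, so any quote character
// in it changes the statement the server parses.
function findUserUnsafe($conn, string $email)
{
    $sql = "SELECT id, email FROM users WHERE email = '" . $email . "'";
    return pg_query($conn, $sql);
}

// SAFE: the SQL text is fixed and contains only $1; the value is sent
// separately, so the server never parses $email as SQL.
function findUserSafe($conn, string $email)
{
    $sql = 'SELECT id, email FROM users WHERE email = $1';
    return pg_query_params($conn, $sql, [$email]);
}

// Caveat: placeholders stand in for values only. Identifiers (table or
// column names) and keywords cannot be parameters, so a caller-chosen sort
// column must be mapped through an allow-list before it is spliced in.
function listUsersSorted($conn, string $sortBy, int $limit)
{
    $allowed = ['id' => 'id', 'email' => 'email'];
    if (!isset($allowed[$sortBy])) {
        throw new InvalidArgumentException('unsupported sort column');
    }
    $sql = 'SELECT id, email FROM users WHERE active = $1 ORDER BY '
         . $allowed[$sortBy] . ' LIMIT $2';
    // 't' is PostgreSQL's text form of boolean true.
    return pg_query_params($conn, $sql, ['t', $limit]);
}

// Constructed input containing a single quote. With findUserUnsafe() this
// produces a malformed statement; with findUserSafe() it is matched
// literally as an e-mail address.
$input = "o'brien@example.com";

$res = findUserSafe($conn, $input);
if ($res === false) {
    die(pg_last_error($conn) . "\n");
}
echo 'matches: ', pg_num_rows($res), "\n";

$res = listUsersSorted($conn, 'email', 10);
echo 'active users listed: ', pg_num_rows($res), "\n";
```

findUserUnsafe() is shown only for contrast and is never called; the allow-list in listUsersSorted() is the part people tend to miss once they have switched to parameters, because a parameterized query still cannot take a column name from the request.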