W dniu 14.08.2019 o 14:14, Reinis Rozitis pisze: > Depends on how you look at if exec($_GET['param']) is a language > responsibility or programmers?
Please, let's keep this discussion at some level of sanity... You basically need stick to static HTML if you're considering possibility of such exec() usage as a security issue. They're at least 3 main deferences between short open tags and exec-like functions: 1. exec-like functions have their purpose without any straight-forward alternative, while `<?` is just worse version of `<?php`. 2. `exec($_GET['param'])` is not intended usage of `exec()` while `<? $dbPasword = 'my$ecret' ?>` is intended usage of short open tags. 3. Because of point 2, there is no IDE or editor which will generate code like `exec($_GET['param'])`, while there is at least one popular IDE which will generate code with short open tags. Regards, Robert Korulczyk -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php