> Please, let's keep this discussion at some level of sanity... You basically > need > stick to static HTML if you're considering possibility of such exec() usage > as a > security issue.
This discussion has gone out of sanity levels the moment people started to state that short tags is one (of the many) things PHP has why new programmers and companies don't pick the language or why colleagues laugh at you and is a blocker of new bright future etc. and now in this moment this is a do or die situation otherways next year everyone will be writing in javascript. > 1. exec-like functions have their purpose without any straight-forward > alternative, while `<?` is just worse version of `<?php`. Except there are 4-5 functions which do the same not to mention `` backtick syntax (can't there be an accident mixing those with single quotes?). > `<? $dbPasword = 'my$ecret' ?>` is intended usage of short open tags. On this I could also say that recommendations are to store all credentials outside webroot, but again it also qualify as something different than by accident generated code in IDE, just to show that the "security issue" can be stretched however you like. > You basically need stick to static HTML Maybe. But let's end at this .. rr -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
