On Tue, 2014-05-27 at 10:48 -0400, Jared Smith wrote:
> I know you probably meant this to be tongue-in-cheek, but this problem
> isn't specific to PHP. It's just as easy to write bad SQL statements in
> Perl or Python or any other language that interacts with a database.

That's not entirely true. The risk is much higher when you're using an API created by people who think functions like addslashes() are a good idea.

PHP isn't quite the cesspool it used to be, but it's still a breeding ground for bad code. At least C++ and Perl are more obviously dangerous. PHP lulls you into a false sense of security. While it's possible to write decent code in PHP, it's more work because of all the bad examples you have to learn to ignore.

/*
PLUG: http://plug.org, #utah on irc.freenode.net
Unsubscribe: http://plug.org/mailman/options/plug
Don't fear the penguin.
*/