[PHP-DEV] [RFC] String Types (security)

2015-07-17 Thread Craig Francis
Hi, I'm looking at creating an RFC to address security issues that relate to poor string handling / escaping, such as SQL-Injection, XSS, etc. Considering these are still major issues on the OWASP Top 10, we need to do more to mitigate them. For example, an inexperienced programmer can easily c

Re: [PHP-DEV] [RFC] String Types (security)

2015-07-17 Thread Bishop Bettini
On Fri, Jul 17, 2015 at 9:00 AM, Craig Francis wrote: > Hi, > > I'm looking at creating an RFC to address security issues that relate to > poor string handling / escaping, such as SQL-Injection, XSS, etc. > Sounds like you are describing the taint extension

Re: [PHP-DEV] [RFC] String Types (security)

2015-07-17 Thread Craig Francis
On 17 Jul 2015, at 14:08, Mats Lindh wrote: > On Fri, Jul 17, 2015 at 3:03 PM Craig Francis > wrote: > I'm looking at creating an RFC to address security issues that relate to poor > string handling / escaping, such as SQL-Injection, XSS, etc. > > You probably want to relate this to the exi

[PHP-DEV] Re: [PDO] Re: [PHP-DEV] Reordering PDO statement dtor sequence?

2015-07-17 Thread Matteo Beccati
Hi Christopher, On 16/07/2015 13:26, Matteo Beccati wrote: Hi cjones, I've tried running the pdo_pgsql tests but I'm getting a (potentially unrelated) failure. I'll try to investigate and run the tests for other extensions as soon as I can find some time. so... pdo_pgsql and pdo_sqlite seem