Date: Fri, 04 Jul 2003 10:20:21 +0100
From: matt <matt@proweb.co.uk>
Cc: questions@freebsd.org
Subject: Re: Which server-side programming should i choose.
Message-ID: <3F0546D5.1020106@proweb.co.uk>
In-Reply-To: <20030704072303.GA69059@happy-idiot-talk.infracaninophile.co.uk>
References: <20030702201929.79497.qmail@web12604.mail.yahoo.com> <07e301c340ec$1159e770$1b41d5cc@nitanjared> <3F03FB8A.9080700@thebigchoice.com> <200307041026.47024.jrhoden@unimelb.edu.au> <20030704072303.GA69059@happy-idiot-talk.infracaninophile.co.uk>

Matthew Seaman wrote:

>On Fri, Jul 04, 2003 at 10:26:47AM +1000, JacobRhoden wrote:
>
>
>>Even though this is getting waaay off topic...
>>
>> On Thu, 3 Jul 2003 07:46 pm, Matt Heath wrote:
>> > Ever seen something like this :
>> > $r = mysql_execute("select * from table_1 where id=$_GET[id];");
>>
>>Actually people do do the same thing in perl and you know it :P Both perl and
>>php support calling sql with parameters using ? to insert variables. If
>>someone does not know what language to use at all, I would suggest php simply
>>because it's a good, quick, easy language to get started in without too much
>>difficulty. (In lots of ways including not needing to understand cgi
>>variables, and what the heck Content-type: text/html\n\n is, or learning how
>>to include perl libraries to do all that stuff for you!)
>>
>>
>
>You're missing the point. $_GET[id] is one of the arguments used when
>calling the PHP and as such is completely under the control of an
>external user.
>

exactly

perl has the "tainted" construct for this and will refuse certain
operations with tainted data.

But my challenge was Kevin Kinsey's assertion :

> [PHP is] likely to be more secure than Perl if used as Apache module than CGI.

and I want to know why ?
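
The difference between the interpolated query quoted above and the `?` parameter binding mentioned in the same reply, as an added example that is not part of the original message. It uses PDO with an in-memory SQLite database; the table contents, function names and input strings are constructed for illustration.

```php
<?php
// Added example: constructed table and inputs, run against in-memory SQLite.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE table_1 (id INTEGER PRIMARY KEY, owner TEXT)');
$db->exec("INSERT INTO table_1 (id, owner) VALUES (1, 'alice'), (2, 'bob'), (3, 'carol')");

// Pattern from the thread: the request value becomes part of the SQL text,
// so whoever controls the value also controls the WHERE clause.
function lookup_interpolated(PDO $db, string $id): array
{
    return $db->query("select * from table_1 where id=$id")->fetchAll(PDO::FETCH_ASSOC);
}

// Bound parameter: the SQL text is fixed when the statement is prepared and
// the value is passed separately, so it is only ever compared as data.
function lookup_bound(PDO $db, string $id): array
{
    $stmt = $db->prepare('select * from table_1 where id = ?');
    $stmt->execute([$id]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed stand-ins for $_GET['id']: one ordinary value, and one that
// carries extra SQL to show how each lookup treats it.
foreach (['2', '2 OR 1=1'] as $id) {
    printf(
        "%-12s interpolated=%d row(s)  bound=%d row(s)\n",
        "'$id'",
        count(lookup_interpolated($db, $id)),
        count(lookup_bound($db, $id))
    );
}
```

For the ordinary value both functions return the single matching row; for the second value the interpolated query returns every row in the table, while the bound query returns none because the whole string is compared against `id` as one value.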