Date: Wed, 08 Dec 2010 17:07:38 -0600
From: Kevin Kinsey <kdk@daleco.biz>
To: Chuck Swiger <cswiger@mac.com>
Cc: freebsd-questions@freebsd.org, Da Rock <freebsd-questions@herveybayaustralia.com.au>
Subject: Re: Shopping cart other than OSCommerce?
Message-ID: <4D000FBA.8040908@daleco.biz>
In-Reply-To: <2BE7EA7A-8604-4D21-801C-309447CD54F9@mac.com>
References: <3374599093-437630056@intranet.com.mx> <DB1524B8-BBC3-446C-A72A-59E981DD29B3@mac.com> <4CFED0D4.3090108@herveybayaustralia.com.au> <BFB6697B-9EB5-456B-8C10-481C8DF174AA@mac.com> <4CFF8A29.2030202@herveybayaustralia.com.au> <2BE7EA7A-8604-4D21-801C-309447CD54F9@mac.com>
Chuck Swiger wrote:
> You don't magically get immunity from SQL injection by using
> JDBC or EOF or whatever, but using bound variables in queries rather
> than feeding user input into raw SQL, or invoking stored procedures
> or user-defined functions instead will mitigate one of the more
> common security problems.

And these practices are "Good Practice" in any language, including PHP.

I think a big part of PHP's problem was that in order to have it widely adopted and to be thought "simple enough for $ME to use", the documentation was written in simplest terms, without these types of checks, and inexperienced coders adopted similar practices to write working sites.

The real problems with PHP are its ubiquity (not unlike M$ operating systems ... it's an omnipresent target) and the fact that many of the people writing it come from a "design" background instead of a programming one. A man who has no inkling of the existence of carnivorous animals will not build his house in a tree.

My $.02,

Kevin Kinsey
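The contrast Chuck describes, as an added example that is not part of the thread: a PHP product lookup written first with user input interpolated into raw SQL, then with a bound variable through PDO. The table, its rows and the search string are constructed here so the script runs against an in-memory SQLite database.

```php
<?php
// Added example, not code from the mailing-list thread. Everything below
// (table, rows, search string) is constructed so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE products (sku TEXT PRIMARY KEY, name TEXT, price REAL)");
$db->exec("INSERT INTO products VALUES ('A100', 'Widget', 9.99), ('B200', 'Gadget', 19.99)");

// Constructed input, the kind of string a product-search field receives.
// A single quote is legitimate in data (product names like O'Brien), so it
// has to be treated as a value, not as part of the SQL text.
$userInput = "A100' OR '1'='1";

// 1) Raw SQL built by string interpolation. The quote in the input closes
//    the literal early, so the input rewrites the WHERE clause instead of
//    being compared against the sku column; the lookup no longer means
//    what the author intended.
function lookupUnsafe(PDO $db, string $sku): array {
    $sql = "SELECT sku, name FROM products WHERE sku = '$sku'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// 2) Bound variable via a prepared statement. The SQL text is fixed before
//    the value is supplied, so the entire input string, quote included, is
//    compared against the sku column and cannot change the query's shape.
function lookupSafe(PDO $db, string $sku): array {
    $stmt = $db->prepare("SELECT sku, name FROM products WHERE sku = :sku");
    $stmt->bindValue(':sku', $sku, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Compare the row counts: the interpolated query matches rows the input
// should never have selected, the bound query matches only an exact sku.
printf("interpolated query: %d row(s)\n", count(lookupUnsafe($db, $userInput)));
printf("bound variable:     %d row(s)\n", count(lookupSafe($db, $userInput)));
```

The same pattern applies to the MySQL and PostgreSQL PDO drivers; only the DSN changes, and the bound-variable form needs no per-input escaping.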