Matthew Seaman wrote:

> On Fri, Jul 04, 2003 at 10:26:47AM +1000, JacobRhoden wrote:
>
>> Even though this is getting waaay off topic...
>>
>> On Thu, 3 Jul 2003 07:46 pm, Matt Heath wrote:
>>> Ever seen something like this:
>>> $r = mysql_execute("select * from table_1 where id=$_GET[id];");
>>
>> Actually people do do the same thing in Perl, and you know it :P Both Perl
>> and PHP support calling SQL with parameters, using ? to insert variables. If
>> someone does not know what language to use at all, I would suggest PHP simply
>> because it's a good, quick, easy language to get started in without too much
>> difficulty (in lots of ways, including not needing to understand CGI
>> variables, and what the heck Content-type: text/html\n\n is, or learning how
>> to include Perl libraries to do all that stuff for you!).
>
> You're missing the point. $_GET[id] is one of the arguments used when
> calling the PHP and as such is completely under the control of an
> external user.

Exactly.

Perl has the "tainted" construct for this and will refuse certain operations with tainted data.

But my challenge was Kevin Kinsey's assertion:

    [PHP is] likely to be more secure than Perl if used as Apache module than CGI.

and I want to know why?
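The injectable snippet quoted at the top of this message and the `?` placeholder form mentioned in the reply, side by side, as an added example that is not part of this thread. It uses PDO with an in-memory SQLite database so it runs stand-alone (PDO did not exist when this thread was written, and the quoted code targets the old mysql_* API against MySQL, but the placeholder mechanism is the same); the table, its rows and the two request values standing in for `$_GET['id']` are constructed for the demonstration:

```php
<?php
// Added example, not code from the thread. Builds a throwaway SQLite database
// in memory and runs the thread's concatenated query next to a placeholder
// query, feeding both an honest and a hostile "id" value.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE table_1 (id INTEGER PRIMARY KEY, name TEXT)');
// Constructed sample rows.
$db->exec("INSERT INTO table_1 (id, name) VALUES (1, 'alice'), (2, 'bob'), (3, 'carol')");

// Vulnerable: the request parameter is spliced into the SQL text, exactly as in
// the quoted snippet. Whatever the client sends is parsed as part of the query.
function lookup_concatenated(PDO $db, string $id): array
{
    $sql = "select * from table_1 where id=$id;";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Fixed: the SQL text is fixed at prepare time and the value is bound to the
// "?" separately, so the database treats it as data and never as SQL.
function lookup_placeholder(PDO $db, string $id): array
{
    $stmt = $db->prepare('select * from table_1 where id = ?');
    $stmt->execute([$id]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Simulated request values; in a real script these would come from $_GET['id'].
$honest  = '2';
$hostile = '2 OR 1=1';   // turns the WHERE clause into an always-true condition

printf("honest input,  concatenated: %d row(s)\n", count(lookup_concatenated($db, $honest)));
printf("hostile input, concatenated: %d row(s)\n", count(lookup_concatenated($db, $hostile)));
printf("honest input,  placeholder:  %d row(s)\n", count(lookup_placeholder($db, $honest)));
printf("hostile input, placeholder:  %d row(s)\n", count(lookup_placeholder($db, $hostile)));
```

Run it with `php sqli.php` (pdo_sqlite must be enabled). The concatenated version returns every row for the hostile value, because the query sent to the database is literally `where id=2 OR 1=1`; the placeholder version returns none, because the bound string `2 OR 1=1` is compared against the integer column as a value and matches nothing. Perl's DBI does the same thing with `$dbh->prepare('... where id = ?')` followed by `$sth->execute($id)`, which is the `?` mechanism the reply above refers to; taint mode, by contrast, does not inspect SQL strings at all, it only refuses to pass tainted data to certain operations unless it has been explicitly untainted through a regex match.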




_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
