In a message dated: Thu, 07 Mar 2002 00:03:30 EST Benjamin Scott said:
> I note that Perl's CGI module has an identical feature (the ability to set >language variables from an HTML form). Still does, AFAIK. I'm not trying >to compare Perl to PHP here, just point out that tools that allow you to do >stupid things are not limited to PHP. Ahm, why is this a stupid thing? How else do you get data into a CGI from a web page? Just because you're taking data in from the outside and setting a variable to the value entered in a form isn't, in and of itself, a stupid thing. It's what you do, or rather, don't do with that data after you have it that makes it dangerous. Once you take "tainted" data in, you must jump through hoops to "de-taint" it. Just blindly accepting the value from an HTML form and using it "as is" is stupid, but that's a programming practice that's stupid, not a language design issue. Please clarify if I'm misunderstanding what you're talking about. ***************************************************************** To unsubscribe from this list, send mail to [EMAIL PROTECTED] with the text 'unsubscribe gnhlug' in the message body. *****************************************************************
