> I don't think you've read the section on prepared statements in the > PDO documentation, because it does mention it there, although it > doesn't beat you over the head with the seriousness of the problem. > > http://us2.php.net/manual/en/ref.pdo.php#pdo.prepared-statements
Sorry for my buz... This piece of manual say the same i've said... But i repeat, i thing a security (or a good dev practice portal) portal is a good freind of the manual and can be abel to level up the security of php dev app... But is not the only solution... And i think CERT must not alarm in the same statistic pool if are application security bug, or php engine security bug... because actualy there no posibility to filter on cert (i've seen one...) on php engine only... And it the same with module that use lib that have security bug... And is bad for the php image... On this portal i thing also be interesant log php alert in more friendly way... Regards, Mathieu -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
