On Thu, 14 Sep 2006 17:05:06 +0100
Roy Schestowitz <newsgroups@xxxxxxxxxxxxxxx> wrote:
> Is PHP The Cure For The 'Broken' Web?
>
> ,----[ Quote ]
> | "The Web is broken and it's all your fault."
> |
> | Those are the words that Rasmus Lerdorf, the creator of PHP, said to
> kick | off his keynote at the php|works conference under way here.
> |
> | [...]
> |
> | Then there is Microsoft's Internet Explorer, which has "stupidity"
> | issues with character set detection, arbitrary header injection,
> host | header spoofing and request splitting.
> |
> | "IE is completely broken in so many ways," Lerdorf said.
> |
> | With some PHP commonsense, a few of the reasons why IE is broken can
> | be overcome.
> `----
>
> http://www.internetnews.com/dev-news/article.php/3631831
PHP is such a useful tool for developing pages with.
most of the time my choice is between perl python or php.
The part about checking input is so relevent to these languages. Using
JSP or c# often one has to create a matcher object, which just creates
bookkeeping overheads.
With perl, its as simple as if( $v =~ /^[0-9a-zA-Z]+$/ ) for most cases,
similarly for php:
if( preg_match( '/^[0-9a-zA-Z]+$/', $v ) ) ...
Much less work, why people don't check EVERYTHING is beyond me.
Those who do, often forget to RECHECK values retrieved from a database,
for example, inserting something which just came from a database without
thinking to escape it again can be disastrous, no matter what the
language.
--
Regards, Ed :: http://www.gnunix.net
just another unix person
Every link of gold around Mr. T's neck represents 7 fools that that
he pitied, and then ate.
|
|