Which server-side programming should I choose.
matt
matt at proweb.co.uk
Fri Jul 4 02:20:23 PDT 2003
Matthew Seaman wrote:
>On Fri, Jul 04, 2003 at 10:26:47AM +1000, JacobRhoden wrote:
>
>
>>Even though this is getting waaay off topic...
>>
>> On Thu, 3 Jul 2003 07:46 pm, Matt Heath wrote:
>> > Ever seen something like this :
>> > $r = mysql_execute("select * from table_1 where id=$_GET[id];");
>>
>>Actually people do do the same thing in perl and you know it :P Both perl and
>>php support calling sql with parameters using ? to insert variables. If
>>someone does not know what language to use at all, I would suggest php simply
>>because it's a good, quick, easy language to get started in without too much
>>difficulty. (In lots of ways including not needing to understand cgi
>>variables, and what the heck Content-type: text/html\n\n is, or learning how
>>to include perl libraries to do all that stuff for you!)
>>
>>
>
>You're missing the point. $_GET[id] is one of the arguments used when
>calling the PHP and as such is completely under the control of an
>external user.
>
exactly
perl has the "tainted" construct for this and will refuse certain
operations with tainted data.
But my challenge was Kevin Kinsey's assertion:
> [PHP is] likely to be more secure than Perl if used as Apache module than CGI.
and I want to know why?
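
The two query styles contrasted in this thread, side by side, as an added example that is not part of the original messages: the interpolated form quoted above next to the `?` placeholder form. It assumes PHP with the PDO SQLite driver and an in-memory database; the table rows, the function names and the `$id` value standing in for `$_GET['id']` are constructed for illustration.

```php
<?php
// Added illustration; table contents and the $id value are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE table_1 (id INTEGER PRIMARY KEY, owner TEXT)');
$db->exec("INSERT INTO table_1 (id, owner) VALUES (1, 'alice'), (2, 'bob'), (3, 'carol')");

// Stand-in for $_GET['id']: a value the caller fully controls.
$id = '1 OR 1=1';

// Pattern from the thread: the value is pasted into the SQL text,
// so the database parses it as SQL rather than treating it as data.
function lookup_interpolated(PDO $db, string $id): array {
    return $db->query("SELECT * FROM table_1 WHERE id=$id")->fetchAll(PDO::FETCH_ASSOC);
}

// Placeholder form: the statement text is fixed before the value is supplied,
// and the value is bound as a single integer parameter.
function lookup_bound(PDO $db, string $id): array {
    // Reject anything that is not a plain decimal integer up front.
    if (!ctype_digit($id)) {
        return [];
    }
    $stmt = $db->prepare('SELECT * FROM table_1 WHERE id = ?');
    $stmt->bindValue(1, (int)$id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Same input through both paths, then a well-formed id through the bound path.
printf("interpolated, id=%s: %d rows\n", $id, count(lookup_interpolated($db, $id)));
printf("bound,        id=%s: %d rows\n", $id, count(lookup_bound($db, $id)));
printf("bound,        id=2: %d rows\n", count(lookup_bound($db, '2')));
```
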
More information about the freebsd-questions
mailing list