it was designed to stop-gap the even more scandalous automatic quoting.

These are just two examples of how horribly badly PHP has been designed. Strike that. PHP was never designed. PHP happened.

The reason you still see these injections in mainly PHP sites is that PHP makes the wrong way the easiest and the correct way the hardest. Cue string interpolation. A good idea borrowed from Perl, but one which should NEVER have found a place in web scripting. String interpolation is an open invitation to SQL injection, XSS injection and even PHP injection.

Compare to Java or C#, which each have a much better culture and features which (especially for C#) make the correct way actually easier than the incorrect. Cue LINQ (LINQ to SQL, LINQ to NHibernate or LINQ to Entities). LINQ queries are succinct, strongly typed and type safe, with no possibility of injections.

Java does have JDBC, which could be as bad as PDO et al. from PHP, but the Java culture adopted proper ORM frameworks a long time ago.

PHP is the worst PoS ever to hit the servers. It is an accident, and an unfortunate example of what the open source community can also produce. Inconsistent, slow, weakly typed, buggy and memory-corrupting, rife with gotchas and error prone.
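As an added illustration, not code from the original comment, here is the same lookup written both ways the comment contrasts: a double-quoted interpolated string versus a PDO prepared statement. The table, rows, input and function names are constructed for this example; the input is ordinary data that happens to contain a quote, which is enough to break the interpolated form while the bound form handles it correctly.

```php
<?php
// Added example (not from the original post). Uses an in-memory SQLite
// database with constructed sample rows so it runs stand-alone.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)");
$db->exec("INSERT INTO users (name) VALUES ('alice'), ('O''Brien')");

// The "easy" way: PHP's string interpolation pastes the user value into
// the SQL text. Any character SQL reads as syntax (here, a single quote)
// changes the meaning of the statement instead of being treated as data.
function findInterpolated(PDO $db, string $name): array
{
    $sql = "SELECT id, name FROM users WHERE name = '$name'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// The correct way: the SQL text is fixed at prepare time and the value
// is bound separately, so the driver always treats it as a literal.
function findPrepared(PDO $db, string $name): array
{
    $stmt = $db->prepare("SELECT id, name FROM users WHERE name = :name");
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$input = "O'Brien"; // constructed input: legitimate data containing a quote

try {
    print_r(findInterpolated($db, $input));
} catch (PDOException $e) {
    // The quote in $input terminated the string literal early, so the
    // statement no longer parses; with other inputs it would parse as
    // something the author never wrote. Either way the query text is
    // under the user's control.
    echo "interpolated query failed: ", $e->getMessage(), "\n";
}

// The bound version returns the matching row regardless of the quote.
print_r(findPrepared($db, $input));
```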