"Derick Rethans" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> On Thu, 14 Aug 2003, moshe doron wrote:
>
> > The question is what is the common PHP programming habit.
> > Since there is no public recommendation in the manual (fix me here) or
> > somewhere else, I assume that the habit is not always to verify the data
> > and u can't blame the PHP users.
>
> Well, that's not our problem if people don't verify user input. Every
> article dealing with the simplest security problem mentions this. I
> don't think it's a good idea to break this functionality. (yes, even
> MySQL has this in version 4.1+)

Every application manager for an application that grows beyond the traditional
simplest sample knows that programmers make
this kind of error, and a lot of them, especially in this part of the software
where everything runs as usual even with the bugs.
The price for every simple and common error is one that PHP can't shake free
of responsibility and blame the users.

Until today, the most common use with PHP was MySQL, which does not have this kind
of problem, and exotic and expensive ones like Oracle and MSSQL (I'm the owner of
production applications in both) didn't get much focus.
Today with SQLite, the status is going to change and we'll see more and more
"unverified" but open-to-public sites with this kind of error. And yes,
1) helping users not shoot themselves,
2) giving the users the choice to keep things simple (not verify at all,
especially in the context of the typeless SQLite...)
are good things about PHP, and there is no reason not to continue.

> > btw, i doubt if u want to publish here the db schema and url to system
> > running oracle in ur ownership ...
>
> "u" and "ur" are not in my dictionary, perhaps you mean "you" and "your"?

Are there any internals coding standards somewhere?

moshe.




-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php