(back on list) On 25.03.2005 at 22:17, Jared Williams wrote:
As Thies wrote: This list is for discussing the development _of_ PHP. Therefore it's important to have samples which are showing the problem not the whole stuff around it - such a thing won't be readable anymore and the readers would spend much more time for understanding the code than for discussing the problem. Everybody on this list should have enough knowledge about checking input data and these things. The only thing one might do is to add a disclaimer stating that the code might be unsafe but some dude might still ignore this warning and the others get bored so it won't change anything.
Posted off list, intentionally.
There is absolutely no excuse for posting poor insecure code, ever.
Yes, people on the internals list should know better, but evidently not.
The fact that it's public, and anyone can read these posts means some thought and responsibility should be taken before posting code.
My rewrite of Thies's code still demonstrated the colon problem, but with more security.
you are wrong - full stop.
people like you really frustrate ppls like me. i have written more code with php and for php than you can imagine. the sample php-code was to demonstrate a problem -and- the way it was posted to the list 100% secure -
the code you send as "better code" is _not_ any more secure! you don't check the input-length of the passed in values -and- if userdata gets into your "brilliant" function unchecked a malicious "hacker" could send megabytes for the column values and maybe bring down or DOS your database. (especially if the C-core of that database has been written by idiots like myself and not brilliant minds like yourself).
you have contributed ZERO to the problem that made me a) post to a PHP list again after a long time and b) made me sit down and "attack it" *but* c) you have managed to remind me why developing php has become less and less fun for me and why myself (and numerous ex-contributors) have stopped doing so.
thanx, thies
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php