[Gllug] question about python/perl

Jason Clifford jason at ukfsn.org
Thu Feb 24 19:33:54 UTC 2011


On Thu, 2011-02-24 at 20:09 +0100, salsaman at xs4all.nl wrote:
> Quite right, although in my experience it is far more common to use a
> query string rather than the address to hold parameters, for example:
> 
> http://www.example.com?name=joel&flower=rose&type=petal
> 
> A smart enough framework would then create a parameter called "name" and
> assign it the value "joel", create a variable "flower" with value "rose"
> and a variable "type" with value "petal". These variables are then used in
> the code which returns HTML to the client.

Absolutely NOT!

PHP used to do that by default. It was called register globals and was
one of the biggest security holes in PHP and earned the language many
curses. If you create a variable automatically you enable anyone who can
pass a query string (i.e. every visitor to a website!) to play with your
internal application variables.

A smart framework will take those parameters and make them available in
a manner that the application can easily use so that the programmer has
the option to make a variable easily once the input has been validated.

--
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
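
Added example, not part of the original post: a Python sketch of the two behaviours discussed above, using the query string from the quoted message plus one extra parameter. The handler names, the is_admin variable and the flower allow-list are hypothetical, chosen only for illustration.

```python
from urllib.parse import parse_qs

# Constructed allow-list for the "flower" parameter (assumption for this example).
ALLOWED_FLOWERS = {"rose", "tulip", "daisy"}


def handle_register_globals(query, password_ok):
    """Models register-globals behaviour: request parameters are copied into
    the application's variable scope before any application code runs."""
    scope = {name: values[-1] for name, values in parse_qs(query).items()}
    if password_ok:
        scope["is_admin"] = True
    # is_admin is never initialised on the failure path, so a value the
    # visitor put in the query string is still sitting in scope here.
    return "admin page" if scope.get("is_admin") else "public page"


def handle_explicit(query, password_ok):
    """Request data stays in its own container; internal state is set only by
    application logic, and input becomes a variable only after validation."""
    params = parse_qs(query)
    is_admin = bool(password_ok)  # never read from params
    flower = params.get("flower", [""])[0]
    if flower not in ALLOWED_FLOWERS:
        flower = None  # reject anything outside the allow-list
    return ("admin page" if is_admin else "public page", flower)


if __name__ == "__main__":
    # Constructed request: the quoted example plus an extra parameter.
    q = "name=joel&flower=rose&type=petal&is_admin=1"
    print(handle_register_globals(q, password_ok=False))
    print(handle_explicit(q, password_ok=False))
```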



