[Gllug] question about python/perl

Nix nix at esperi.org.uk
Thu Feb 24 23:38:43 UTC 2011


On 24 Feb 2011, Jason Clifford stated:

> On Thu, 2011-02-24 at 20:09 +0100, salsaman at xs4all.nl wrote:
>> A smart enough framework would then create a parameter called "name" and
>> assign it the value "joel", create a variable "flower" with value "rose"
>> and a variable "type" with value "petal". These variables are then used in
>> the code which returns html to the client.
>
> Absolutely NOT!
>
> PHP used to do that by default. It was called register globals and was
> one of the biggest security holes in PHP and earned the language many
> curses. If you create a variable automatically you enable anyone who can
> pass a query string (i.e. every visitor to a website!) to play with your
> internal application variables.

Yeah. It would create a map/hash/dictionary/table/term-of-choice-in-your-
language and fill it with key/value pairs :) nice and safe and non-
conflicting.
--
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
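
The contrast discussed in this thread, as an added example that is not part of the original messages: the same query string handled register_globals-style and with a separate parameter map. The function names, the `is_admin` variable and the second sample query are assumptions made for illustration.

```python
from html import escape
from urllib.parse import parse_qs

# Constructed sample requests: the first is the query from the thread,
# the second adds a key that collides with an internal variable.
BENIGN = "name=joel&flower=rose&type=petal"
COLLIDING = BENIGN + "&is_admin=1"


def handle_auto_variables(query_string):
    """register_globals style: each query key becomes an application variable."""
    scope = {"is_admin": False}  # hypothetical internal variable set by the app
    for key, values in parse_qs(query_string).items():
        scope[key] = values[-1]  # request data lands in the app's own namespace
    return scope


def handle_param_map(query_string):
    """Map style: request data stays in its own dictionary."""
    scope = {"is_admin": False}  # internal state, never written from the request
    params = {k: v[-1] for k, v in parse_qs(query_string).items()}
    return scope, params


def render(scope, params):
    """Build the HTML reply, escaping values that came from the request."""
    name = escape(params.get("name", "guest"))
    role = "admin" if scope["is_admin"] else "user"
    return f"<p>Hello {name} ({role})</p>"


if __name__ == "__main__":
    # Auto-created variables: the visitor's value replaces the internal flag.
    print(handle_auto_variables(COLLIDING)["is_admin"])
    # Parameter map: the same key is only an entry in params.
    scope, params = handle_param_map(COLLIDING)
    print(scope["is_admin"], params["is_admin"])
    print(render(scope, params))
```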



