[Gllug] question about python/perl

Joel Bernstein joel at fysh.org
Fri Feb 25 00:57:02 UTC 2011


On 25 February 2011 00:38, Nix <nix at esperi.org.uk> wrote:
> On 24 Feb 2011, Jason Clifford stated:
>
>> On Thu, 2011-02-24 at 20:09 +0100, salsaman at xs4all.nl wrote:
>>> A smart enough framework would then create a parameter called "name" and
>>> assign it the value "joel", create a variable "flower" with value "rose"
>>> and a variable "type" with value "petal". These variables are then used in
>>> the code which returns html to the client.
>>
>> Absolutely NOT!
>>
>> PHP used to do that by default. It was called register globals and was
>> one of the biggest security holes in PHP and earned the language many
>> curses. If you create a variable automatically you enable anyone who can
>> pass a query string (i.e. every visitor to a website!) to play with your
>> internal application variables.
>
> Yeah. It would create a map/hash/dictionary/table/term-of-choice-in-your-
> language and fill it with key/value pairs :) nice and safe and non-
> conflicting.

Until you have to neatly handle multiple values for the same parameter
key, of course. None of the major frameworks handle that
*particularly* well...

/joel
--
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
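
Added example, not part of the original thread: a Python sketch of the two designs discussed above, register-globals-style injection versus a separate parameter map, with the repeated-key case Joel raises handled explicitly. The names `register_globals_style`, `Params` and `is_admin`, and the sample query string, are hypothetical and constructed for illustration.

```python
from urllib.parse import parse_qs

# Constructed query string: the thread's parameters plus a repeated key and
# a key that collides with an internal variable name (assumed: is_admin).
QUERY = "name=joel&flower=rose&type=petal&name=nix&is_admin=1"


def register_globals_style(query, app_state):
    """Unsafe pattern: every request key becomes an application variable."""
    state = dict(app_state)
    for key, values in parse_qs(query).items():
        state[key] = values[-1]  # last value wins, silently
    return state


class Params:
    """Request parameters kept in their own namespace; values are lists."""

    def __init__(self, query):
        self._values = parse_qs(query, keep_blank_values=True)

    def get_all(self, key):
        """Return every value supplied for key, in request order."""
        return list(self._values.get(key, []))

    def get_one(self, key, default=None):
        """Return the single value for key, rejecting repeated keys."""
        values = self._values.get(key)
        if not values:
            return default
        if len(values) > 1:
            # Refuse to guess between first and last; the caller must decide.
            raise ValueError(f"parameter {key!r} supplied {len(values)} times")
        return values[0]


if __name__ == "__main__":
    internal = {"is_admin": False}
    # The merged state has is_admin overwritten by the request.
    print(register_globals_style(QUERY, internal))
    # With a separate map the internal flag is untouched.
    params = Params(QUERY)
    print(internal["is_admin"], params.get_one("flower"), params.get_all("name"))
```

Rejecting a repeated key in `get_one` is one policy among several; the point is that the choice is explicit rather than left to whichever value the parser happens to keep.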



