SLUG Mailing List Archives
Re: [SLUG] PHP vs Perl security.
- To: slug@xxxxxxxxxxx
- Subject: Re: [SLUG] PHP vs Perl security.
- From: Jeff Waugh <jdub@xxxxxxxxxxx>
- Date: Thu Oct 26 15:06:24 2000
- User-agent: Mutt/1.2.5i
[ Far be it from me to defend PHP, but I have to use it, so... ]
<quote who="Dean Hamstead">
> Also having form commands available as variables isn't such a great it IMO.
> Best to just load them into an array of some sort (hash in perls case)
Whilst the form variables are convenient to a certain extent, you're better
off turning them off and using the HTTP_GET_VARS and HTTP_POST_VARS
So yes, you can do the same in PHP, it's just that the default is not quite
secure and 'wise'.
> Perl is also a language in and of itself. I can write gtk apps
> for example, even just CLI stuff.
> I usually use this to update stuff on my pages that doesn't need
> to be out of the database every time, news for example. Event
> driven, but events outside the web environment.
> I don't think php can do this =)
PHP does cgi, baby. It's freakin' wrong though. :) Just put
or whatever on the first line, and you too can have all the brokenness and
evil of PHP to do the things you ought to be doing in Perl! Yay! cf. My
little rant on text-processing with PHP a number of meetings ago.
You could certainly develop GTK+/GNOME apps in PHP, it's just a matter of
someone building a wrapper. Perhaps some initial work has been done. But for
the sake of the planet's sanity PLEASE DON'T! ;)
I used to use php3 cgi to do dbase stuff on my Debian system (the dbase
module was only available for php3 straight out of the tree, and I'm a Lazy
Bastard (tm) when it comes to those sorts of things - get it done, etc.)
The main reason why PHP is such a pain at the moment is that it's pretty
immature. Error handling, really worthwhile OO (INFORMATION HIDING PEOPLE!),
etc., just isn't good enough right now. The environment hasn't caught up to
things like Perl, ASP (no, seriously) and Python.
And so we battle on (but I'm playing with mod_python now, and that's
> An idea would be to put the database on a separate machine
> from the web server. This IMO would tighten things up a little.
And like evil sneaky database people, use NetBEUI to link the database
server and the webserver! ;) Don't do this at home, kids.
-- jdub@xxxxxxxxxxx ------------------------------- http://linux.conf.au/ --
Ye shall be cursed to fall in love so easily, and yet be so cold of
heart as never to express it.
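
The thread's point about form fields arriving as variables versus reading them from the HTTP_GET_VARS / HTTP_POST_VARS arrays, as an added example that is not part of the original post. It assumes the old automatic-variable behaviour can be stood in for by `extract()` so the code runs on current PHP; the function names, the password constant and the sample requests are all hypothetical.

```php
<?php
// Added example. Form-fields-as-variables is emulated with extract();
// every name and value below is constructed for illustration.

const DEMO_PASSWORD = 'constructed-demo-secret'; // constructed sample value

// Style the thread warns about: every form field becomes a variable.
function is_authorized_globals(array $form): bool
{
    extract($form);   // stands in for form fields registered as variables
    if (isset($password) && hash_equals(DEMO_PASSWORD, (string) $password)) {
        $authorized = true;
    }
    // $authorized was never initialised, so a form field of that name sets it.
    return !empty($authorized);
}

// Style the reply recommends: read only named keys from the request array
// (HTTP_POST_VARS in PHP of that era) and initialise state yourself.
function is_authorized_array(array $post_vars): bool
{
    $authorized = false;
    $password = $post_vars['password'] ?? '';
    if (is_string($password) && hash_equals(DEMO_PASSWORD, $password)) {
        $authorized = true;
    }
    return $authorized;
}

// Constructed requests: the last one carries a field the form never defined.
$requests = [
    'correct password' => ['password' => DEMO_PASSWORD],
    'wrong password'   => ['password' => 'guess'],
    'extra field'      => ['password' => 'guess', 'authorized' => '1'],
];

foreach ($requests as $label => $form) {
    printf("%-17s globals=%-5s array=%s\n", $label,
        var_export(is_authorized_globals($form), true),
        var_export(is_authorized_array($form), true));
}
```

The two functions agree on the first two requests and differ only on the third, where the array-based check ignores the unexpected field.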