[nycphp-talk] Embrace Dynamic PHP
csnyder
chsnyder at gmail.com
Fri Apr 25 17:44:36 EDT 2008
On Fri, Apr 25, 2008 at 5:27 PM, Austin Smith <netaustin at gmail.com> wrote:
> I thought I was pretty clear, that query was an example of what many newbies
> do, not what I would do (... so they don't blow their brains out with things
> like ...) exposing a vulnerability and almost certainly exposing themselves
> to copy-paste repetition. It certainly wasn't shorthand, and I've seen it a
> thousand times.
I think we're all a little sensitive about jumping on posts that
illustrate worst-practices because there's the perception that newbie
developers will pick them up as they trawl the archives. They must be
getting these crazy ideas from somewhere, right?

Hopefully anyone reading this list has seen "filter input, escape
output" enough times to know that "{$_POST['title']}" is just _wrong_
no matter where it appears.

Maybe next time just annotate it with an <--anti-pattern note...

--
Chris Snyder
http://chxo.com/
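
The "filter input, escape output" rule applied to the "{$_POST['title']}" case discussed in this thread, as an added example that is not part of the original post. The `posts` table, the 200-byte limit, the sample value and the helper names `filter_title()` and `h()` are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample input standing in for $_POST (hypothetical value).
$post = ['title' => "Bob's <b>first</b> post"];

// Filter input: accept only a non-empty string of bounded size
// with no control characters; anything else is rejected, not repaired.
function filter_title(array $input): ?string
{
    $title = $input['title'] ?? null;
    if (!is_string($title)) {
        return null; // arrays (title[]=x) and missing fields are rejected
    }
    $title = trim($title);
    if ($title === '' || strlen($title) > 200 || preg_match('/[\x00-\x1F\x7F]/', $title)) {
        return null;
    }
    return $title;
}

// Escape output for the HTML context.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT NOT NULL)');

// <-- anti-pattern: the raw request value becomes part of the SQL text.
// $pdo->exec("INSERT INTO posts (title) VALUES ('{$_POST['title']}')");

$title = filter_title($post);
if ($title === null) {
    http_response_code(400);
    exit('Invalid title');
}

// Output to the SQL context: a bound parameter keeps data out of the statement.
$stmt = $pdo->prepare('INSERT INTO posts (title) VALUES (:title)');
$stmt->execute([':title' => $title]);

// Output to the HTML context: escape at the point of output.
foreach ($pdo->query('SELECT title FROM posts') as $row) {
    echo '<li>', h($row['title']), "</li>\n";
}
```

The apostrophe in the sample title is stored intact because it travels as a bound parameter, and the markup in it is rendered inert because escaping happens when the value is written into HTML.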