Reasons not to use PHP
Feb. 20th, 2009 03:32 pm
From the PHP homepage:
PHP 5.2.7 has been removed from distribution
[07-Dec-2008]
Due to a security bug found in the PHP 5.2.7 release, it has been removed from distribution. The bug affects configurations where magic_quotes_gpc is enabled, because it remains off even when set to on. In the meantime, use PHP 5.2.6 until PHP 5.2.8 is later released.
This means that even if you had magic_quotes_gpc turned on, which is evil anyway but necessary for MySQL (reasons not to use MySQL and PHP), you would have been open to an injection attack, and values containing single quotes, like O'Reilly, would have broken your site.
Can anyone say regression tests?
PHP - Not enterprise software.
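The failure described above, as an added example (not from the original post or from PHP itself): it emulates what magic_quotes_gpc does to request input with addslashes(), builds a query the way code relying on that setting would, and checks whether the value stays inside the string literal. The function names, the authors table and the simplified literal scanner are assumptions made for illustration.

```php
<?php
// Emulates request input as delivered with magic_quotes_gpc actually in
// effect (equivalent to addslashes()) or silently off (raw value).
function request_value($raw, $inEffect) {
    return $inEffect ? addslashes($raw) : $raw;
}

// Legacy pattern: assumes the runtime already escaped the value.
// The authors table is hypothetical.
function legacy_query($value) {
    return "SELECT id FROM authors WHERE name = '" . $value . "'";
}

// Simplified scanner for a MySQL-style single-quoted literal (default
// sql_mode): a backslash escapes the next character, '' is a literal quote.
// Returns the text after the closing quote, or null if it never closes.
function text_after_literal($sql) {
    $i = strpos($sql, "'");
    if ($i === false) return null;
    $n = strlen($sql);
    for ($i++; $i < $n; $i++) {
        if ($sql[$i] === '\\') { $i++; continue; }   // skip the escaped character
        if ($sql[$i] !== "'") continue;
        if ($i + 1 < $n && $sql[$i + 1] === "'") { $i++; continue; }
        return (string) substr($sql, $i + 1);
    }
    return null;
}

// Regression-style check: the value must end exactly where the literal ends.
function value_stays_in_literal($raw, $inEffect) {
    return text_after_literal(legacy_query(request_value($raw, $inEffect))) === '';
}

foreach (array(true, false) as $inEffect) {
    foreach (array("Knuth", "O'Reilly") as $name) {  // constructed sample values
        $sql = legacy_query(request_value($name, $inEffect));
        printf("magic quotes %-12s %-9s %s\n",
            $inEffect ? 'in effect' : 'silently off', $name,
            value_stays_in_literal($name, $inEffect) ? 'ok' : 'BREAKS: ' . $sql);
    }
}
```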