/developer|entrepreneur/i
Always looking for new developer talent, even those with zero experience, as you never know who's got the potential to become a great developer.
You can SQL inject in any language, absolutely, but it seems like the drivers that ship by default with others have examples with placeholder values as a rule. While the official PHP documentation does a great job of walking people through how to use things like PDO or mysqli, these pages are buried SEO-wise by a metric ton of junk that doesn't, especially in the YouTube department.
The PHP world has an unusually high number of frameworks, maybe a dozen depending on your definition. In the Ruby world we've got basically two. Python? Three-ish. Node? Everything builds on Express.js. PHP has so much choice!
/developer|entrepreneur/i
Always looking for new developer talent, even those with zero experience, as you never know who's got the potential to become a great developer.
I think the problem is so pervasive, it's basically endemic to large parts of the PHP world, that it calls for some kind of intervention. An article won't be enough. This requires a pretty serious effort to disrupt what the current top-ranking results are for common inquiries like "how to php mysql" and such.
As much as I appreciate OWASP, it's a bit too theoretical for most people to absorb, especially newcomers who just want a how-to type introduction. It's at that point they're the most vulnerable to bad advice.
It’s hard to turn the direction of a large ecosystem, but it would probably take creating something like a PHP security initiative which would provide high quality documentation and videos that would become the reference point for good security. It would have to be something the whole community can get behind.
I think frameworks have made the situation much better since they have more secure defaults. However, developers need to be able to understand what the framework provides so they use it appropriately.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
You can SQL inject in any language, absolutely, but it seems like the drivers that ship by default with others have examples with placeholder values as a rule. While the official PHP documentation does a great job of walking people through how to use things like PDO or mysqli, these pages are buried SEO-wise by a metric ton of junk that doesn't, especially in the YouTube department.
The PHP world has an unusually high number of frameworks, maybe a dozen depending on your definition. In the Ruby world we've got basically two. Python? Three-ish. Node? Everything builds on Express.js. PHP has so much choice!
I think the problem is so pervasive, it's basically endemic to large parts of the PHP world, that it calls for some kind of intervention. An article won't be enough. This requires a pretty serious effort to disrupt what the current top-ranking results are for common inquiries like "how to php mysql" and such.
As much as I appreciate OWASP, it's a bit too theoretical for most people to absorb, especially newcomers who just want a how-to type introduction. It's at that point they're the most vulnerable to bad advice.
It’s hard to turn the direction of a large ecosystem, but it would probably take creating something like a PHP security initiative which would provide high quality documentation and videos that would become the reference point for good security. It would have to be something the whole community can get behind.
I think frameworks have made the situation much better since they have more secure defaults. However, developers need to be able to understand what the framework provides so they use it appropriately.