loading...
re: The kind of issues that PHP enables are more like "let's execute this unfiltered user input" which is way more dramatic than a randomly-bugged fron...

Oh well, I assumed that frameworks would make sure that req.param('name') is a valid unicode string while $_GET['name'] can be any string of bytes but maybe I'm expecting too much?

In any case, you can write stupid code in all languages. But to be specific to the $_GET issue, it's so easy to break encapsulation using it (because it's global). Same thing with $_REQUEST, what is the point of this except getting X-whatever-scripting attacks from all sides?

PHP is just next-level compared to anything else in terms of possible misuses.

Code of Conduct Report abuse