this post was submitted on 16 Jun 2023
74 points (100.0% liked)
You have things like type juggling which can hide nasty and hard to troubleshoot bugs. There are also inconsistencies because before 2014 the developers were YOLOying it instead of having a formal specification to stick to.
And then you also have older parts of the standard library that were done by people that didn't know what they were doing, leading to things like mysql_escape_string which doesn't properly escape strings in some charsets, meaning you should use mysql_real_escape_string and that lots of beginners used the wrong, unsafe, function.
Another thing that doesn't help PHP's reputation is that it used to be the language of choice of people that knew enough programming to be dangerous. I.e. people that know enough to do small applications, but not enough to take security issues or reliability into consideration. Which by the way, is still a big attitude issue in the PHP world seeing only 8% of PHP Websites use a supported version of PHP with security updates.