PHP - security etc

Andrew Black andrew-li at
Wed Mar 7 13:34:19 GMT 2007

I have something of a bias against PHP and am trying to rationalise or
correct this view.

I am mainly interested in installing applications (e.g. a forum or
content management system) that are in PHP. I am less interested in
writing my own pages in PHP.

I do recall that certain PHP based applications have a bad security
reputation, but is this an aspect of the application or of PHP (or a bit
of both)?

My gut feeling is that it is rather
easy to write code that does exactly what you want, but also fairly
close to what a hacker wants. Is this still the case, or am I clinging
onto views about old versions of PHP? Is PHP more or less open to
nasties such as SQL injection?

