daneel_w 2 days ago
> "Keep in mind this is PHP."

Has nothing to do with PHP. SQL injection mishaps are a developer problem, not a language problem. It happens everywhere.
ameixaseca 14 hours ago
I feel like answering this comment could start a possible argument, which I have no interest in doing.

I do, however, want to point out that anyone interested in comparing language design choices can conclude by themselves this is likely a strong factor. You can find references like the classic "PHP: a fractal of bad design" [1], which not only talks about the language itself but SQL injection, error handling and tons of other issues. It summarizes most of the important points. I can also add a few issues like [2][3], which unfortunately are not isolated incidents: these are a reflection of core design decisions and how the language approaches software design as a whole.

I stand by my point, which I'll define more precisely as: "A badly-designed language either makes it hard for developers to make good choices, or makes it easy for developers to make bad choices." PHP is not alone, but it is a prime example of this.

You can disagree with this assessment - and that's OK.

[1] https://eev.ee/blog/2012/04/09/php-a-fractal-of-bad-design/

[2] https://stackoverflow.com/questions/36867718/php-rename-fail...

[3] https://stackoverflow.com/questions/11360511/php-rename-how-...