ext_214511 ([identity profile] smin.livejournal.com) wrote in [personal profile] dtm 2007-04-16 09:26 am (UTC)

PHP suffers from the same issue with the <?= syntax. I considered writing an extension to add a <?~ operator which would output htmlspecialchars()'d strings, but I never got started with it. In the same vein as the statement above on JSP, but in PHP: why are the two most important functions from an XSS and SQL injection perspective, htmlspecialchars() and mysql_real_escape_string(), the longest function names in the language?
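The effect the commenter wanted from a <?~ operator can be had without an extension: a one-letter wrapper around htmlspecialchars() with safe flags, used as <?= h($x) ?>. The example below is added here and is not the commenter's code; the helper name h(), the users table and the use of in-memory SQLite (pdo_sqlite) are assumptions made for illustration. It shows the raw short-echo template next to its escaped form, and uses bound parameters for the SQL side, since mysql_real_escape_string() was removed in PHP 7.

```php
<?php
declare(strict_types=1);

// Added example, not code from the original comment. The helper name h() and
// the users table are assumptions made for illustration.

/*
 * Short alias for htmlspecialchars() with safe defaults, so a template can
 * write <?= h($x) ?> almost as tersely as the raw short echo tag.
 */
function h(?string $value): string
{
    // ENT_QUOTES escapes ' as well as ", so the result is safe inside single-
    // or double-quoted attributes; ENT_SUBSTITUTE keeps invalid UTF-8 from
    // silently turning the whole string into "".
    return htmlspecialchars($value ?? '', ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// The pattern the comment complains about: the short echo tag prints
// untrusted input verbatim into the document.
function renderGreetingUnsafe(string $name, string $color): string
{
    ob_start();
    ?>
<p>Hello, <?= $name ?></p>
<input value="<?= $color ?>">
<?php
    return ob_get_clean();
}

// Hardened form: every interpolation passes through h().
function renderGreeting(string $name, string $color): string
{
    ob_start();
    ?>
<p>Hello, <?= h($name) ?></p>
<input value="<?= h($color) ?>">
<?php
    return ob_get_clean();
}

// For the SQL half of the comment: with bound parameters the driver never
// splices the value into the statement text, so no escaping call is needed.
function findUser(PDO $db, string $login): ?array
{
    $stmt = $db->prepare('SELECT id, login FROM users WHERE login = :login');
    $stmt->execute([':login' => $login]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample input standing in for request parameters.
$name  = '<img src=x onerror="alert(1)">';
$color = '" autofocus onfocus="alert(1)';

echo "--- unsafe ---\n", renderGreetingUnsafe($name, $color);
echo "--- escaped ---\n", renderGreeting($name, $color);

// In-memory SQLite (requires the pdo_sqlite extension) so the query runs offline.
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, login TEXT NOT NULL)');
$db->exec("INSERT INTO users (login) VALUES ('alice')");

// A login containing a quote is bound as a literal string and matches no row;
// the plain login still resolves.
var_dump(findUser($db, "alice' OR 'x'='x"));
var_dump(findUser($db, 'alice'));
```

Run it with `php example.php`: the "unsafe" block emits the markup from $name and $color unchanged, the "escaped" block turns every <, >, " and ' into an entity, and the first findUser() call returns NULL while the second returns the alice row.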
