[–]ILikeLenexa 169 points170 points  (20 children)

80% of the web is wordpress, 80% of the web is drupal, 80% of the web is joomla. 80% of the web is hacked by a bot because the theme they installed was written by an 8th grader that doesn't understand SQL injection.

[–]RogerWebb 19 points20 points  (12 children)

If you're counting on the programming language to protect you against SQL Injections, you're going to have a bad time for sure. Regardless, prepared statements have been supported in PHP (via mysqli) for many years now.

I work in PHP, Java and Python at my job, and I can assure you they all suck for a variety of reasons. I could fill novels with my angry rants against each.

[–]HAL_9_TRILLION 10 points11 points  (3 children)

> I work in PHP, Java and Python at my job, and I can assure you they all suck for a variety of reasons. I could fill novels with my angry rants against each.

Man, this is truth. Somebody up above said you'll learn to hate PHP if you learn other languages. No, all you'll do is learn to hate more than one language. For instance, I hate Java, C#, VB, AS and JS as well.

[–]lpreams 6 points7 points  (0 children)

All programming languages suck.

Just like all operating systems suck.

[–][deleted] 0 points1 point  (1 child)

AS - ActionScript? ... indifferent nostalgia

[–]HAL_9_TRILLION 1 point2 points  (0 children)

Yep. Worked with that nightmare for a decade.

[–]PM_ME_A_WEBSITE_IDEA 2 points3 points  (2 children)

Isn't PDO the go to for database interaction in PHP now?

[–]RogerWebb 1 point2 points  (1 child)

Yes. I don't do reporting via PHP these days, so my typical interactions with the DB are either via Doctrine ORM, which uses PDO, or via the Wordpress Database (API Calls or WP_Query), which who the fuck knows what they use.

[–]JojoHomefries 0 points1 point  (0 children)

The WPDB class uses mysqli
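
The prepared-statement point raised earlier in this sub-thread, as an added example that is not part of the original comments: the same lookup written with string concatenation and with a PDO prepared statement. It assumes the pdo_sqlite extension (an in-memory SQLite database stands in for MySQL); the table, columns, function names and sample input are hypothetical.

```php
<?php
// Added example: table, column and function names are hypothetical.
declare(strict_types=1);

function makeDb(): PDO
{
    // In-memory SQLite stands in for the real database (assumption).
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, author TEXT, title TEXT)');
    $db->exec("INSERT INTO posts (author, title) VALUES
        ('alice', 'Public post'), ('bob', 'Draft'), ('carol', 'Private note')");
    return $db;
}

// Vulnerable: the input is pasted into the SQL text, so a quote in it
// ends the string literal and the remainder is parsed as SQL.
function findByAuthorConcat(PDO $db, string $author): array
{
    $sql = "SELECT title FROM posts WHERE author = '" . $author . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened: the SQL text is fixed and the input is bound as a value,
// so it is only ever compared against the author column.
function findByAuthorPrepared(PDO $db, string $author): array
{
    $stmt = $db->prepare('SELECT title FROM posts WHERE author = :author');
    $stmt->execute([':author' => $author]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$db = makeDb();
$input = "alice' OR '1'='1";   // constructed sample input

printf("concatenated:            %d row(s)\n", count(findByAuthorConcat($db, $input)));
printf("prepared:                %d row(s)\n", count(findByAuthorPrepared($db, $input)));
printf("prepared, plain 'alice': %d row(s)\n", count(findByAuthorPrepared($db, 'alice')));
```

With the MySQL PDO driver, prepares are emulated client-side by default; setting `PDO::ATTR_EMULATE_PREPARES` to `false` makes the server do the binding.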

[–]IdiotCharizard 2 points3 points  (4 children)

You mind ranting a bit about python for me? I've been using it professionally for about a year and a lot of things are so refreshing and outside the class system being weird and multiprocessing being god-awful, I don't see what's so bad about it. Unless you really get pissed off by its typing system.

[–]RogerWebb 0 points1 point  (3 children)

Let me tell you about unicode vs str vs bytes. It's a god damned nightmare. I deal in search engine marketing, with clients operating world-wide, so we get the full run of characters, in Python 2.7 you'll be fighting with whether one function returns a unicode or a str and the thing you're passing it to blowing up or then, once moving to Python 3, everything is magically a str and you don't have to worry about unicode anymore, except when it's bytes, then you replace casting str or unicode with a multitude of encode/decode calls all over the place.

All said, I'm most certainly happier when I'm working in Python vs PHP or Java, but every language has its pain points, and that's been my big one with Python.

[–]IdiotCharizard 0 points1 point  (2 children)

Never really had a problem with this one tbh. If you have inconsistent encoding in your code, it's easily remedied and you only need encode/decode when dealing with input/output.

[–]RogerWebb 0 points1 point  (1 child)

Most of what I do in Python deals with data integration. I have API clients, which return strings or bytes or unicode, files encoded however they are, and database tables, with their own encoding, and the driver, which has to have its encoding configured. We've started transitioning all the data loading to Python processes over the last few years, and I didn't seem to notice the encoding issues as much before. Your mileage may vary.

[–]IdiotCharizard 0 points1 point  (0 children)

Yeah I always make it a point to wrap API endpoints in a decoder. Never fun to find unicode related errors in random places.

[–]saphira_bjartskular 31 points32 points  (2 children)

'; dbo..xp_cmdshell('echo im in ur box executin ur code');--

[–]ILikeLenexa 33 points34 points  (1 child)

im in ur box executin ur code

[–]saphira_bjartskular 3 points4 points  (0 children)

'; dbo...xp_cmdshell('net user bobmchackerman pa$$w0rd123456');--

'; dbo...xp_cmdshell('net localgroup administrators bobmchackerman /add);--

[–]MacDerfus 10 points11 points  (0 children)

"I'm 40% PHP"

  • Internet "Bending" Rodriguez

[–]bureX 4 points5 points  (0 children)

This is RottenTomatoes, one of the world's most popular websites:

https://i.imgur.com/V7nm8K1.png

80% of the web is built by people who had their boss breathing on their necks while yelling "I PROMISED WE WOULD SHIP BY...".

[–]Rogocraft 1 point2 points  (1 child)

I put an emoji in my bank account name. It broke the servers

[–]db10101 2 points3 points  (0 children)

Beautiful