[thelist] Re: PHP vrs Perl - 15 rounds

John.Brooking at sappi.com
Tue Mar 9 08:00:13 CST 2004


Hello, list,

It's been very informative to me listening to this, since I know Perl but
not PHP. Two years ago I started a simple site data management system
(Shoestring CMS, which I've referred to several times on this list) in Perl,
but have since reconsidered whether I should have used PHP (or maybe
Python?). However, it's always seemed more important to just get it done
(especially since it's a personal project which I can't afford to devote
large amounts of time to at once) than to rewrite it in a different
language. Although I'm still not ruling it out for the future.

One thing I think is good about Perl is "taint mode", where it protects you
from using data from outside the program in dangerous ways. If a variable
contains data received from environment variables, HTTP requests, and so on,
you cannot use it in a dangerous call such as running a system command or
opening a file with that name, until you've checked it to make sure it's
clean. (How you check it is up to you, so of course it's not foolproof, just
something to force you to stop and think about it in case you haven't.) Most
experienced Perl programmers, and many service providers, will tell you that
you should *always* use taint mode for CGI programs, and so I do.

Does PHP have anything similar? (The first two result pages of searching
Google for "PHP taint mode" didn't reveal anything that would make me think
so.)

- John



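The taint-mode behaviour described in the message, as an added example that is not part of the original post: a CGI-style script run with `-T` that shows a request value being refused in a file-modifying call until a regex check untaints it. The script name, the `page` parameter and `/var/www/data` are assumptions made for illustration.

```perl
#!/usr/bin/perl -T
# Run as: QUERY_STRING='page=about' perl -T save_note.pl   (constructed input)
use strict;
use warnings;
use Scalar::Util qw(tainted);

my $DATA_DIR = '/var/www/data';    # hypothetical directory, an assumption

# Only a regex capture clears the taint flag, so the pattern is the policy:
# 1-32 letters, digits, '_' or '-'. That excludes '/', '..' and NUL bytes.
sub untaint_page_name {
    my ($raw) = @_;
    return unless defined $raw;
    return $raw =~ /\A([A-Za-z0-9_-]{1,32})\z/ ? $1 : undef;
}

# QUERY_STRING arrives from the HTTP request, so Perl marks it tainted.
# split() keeps the taint; parsing with a capturing regex would silently
# launder the value. (URL-decoding is omitted to keep the example short.)
my %param = map { my ($k, $v) = split /=/, $_, 2; ($k, $v // '') }
            split /&/, $ENV{QUERY_STRING} // '';
my $raw = $param{page};
print 'raw value tainted: ', (tainted($raw) ? 'yes' : 'no'), "\n";

# Using the raw value in a call that modifies files is fatal under -T.
# The check fires before the filesystem is touched.
if (defined $raw) {
    eval { open(my $fh, '>>', "$DATA_DIR/$raw.txt") or die "open: $!\n"; };
    print "unchecked open: $@" if $@;
}

my $page = untaint_page_name($raw);
if (defined $page) {
    print 'checked value tainted: ', (tainted($page) ? 'yes' : 'no'), "\n";
    print "safe to open: $DATA_DIR/$page.txt\n";
} else {
    print "rejected page name\n";
}
```

Perl does not taint-check filenames opened for reading, which is why the example opens for append; read paths need the same allow-list check applied by hand.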