[nycphp-talk] Promote Secure Coding

Anthony Ferrara ircmaxell at gmail.com
Thu May 22 17:10:20 EDT 2014


> Not bothering to address the rest of your comments since they seem to be based on a misunderstanding.

No they are not. My point was that you shouldn't be doing `echo "Hello
$name"` in the first place.

So the rest of my comments actually fit right in line. Please give them
another read, and see the justifications I used for saying people
should not be using `echo "Hello $name"`, rather than dismissing me
for saying that you shouldn't without even giving it a thought.

Anthony

On Thu, May 22, 2014 at 4:21 PM, Gary Mort <garyamort at gmail.com> wrote:
>
> On 05/22/2014 11:35 AM, Anthony Ferrara wrote:
>>
>> Gary,
>>
>>
>>> Consider the secretary updating their company website.  They have been
>>> told
>>> that they need some landing page to say "Welcome <name>" at the top.
>>>
>>> The pages are mostly html with a bit of PHP here and there.  So they go
>>> to
>>> an online tutorial, go through steps 1-4 where they learn about "hello
>>> world" which is a simple little tutorial of
>>> $name = $_GET['name'];
>>> echo "Hello $name";
>>
>> Who said to `echo "Hello $name"`? I sure didn't.
>
>
> That was stated in my original post.  I thought I was quite clear that this
> method was for a specific class of users and I gave the example.
>
> This is the common instructional pattern for teaching others PHP. They
> almost all start with "Hello World" and follow it with "Hello $name" where
> $name comes directly from $_GET['name'].
>
> That's why I made an effort to avoid using the pronoun "you" when discussing
> using this method.   I.e., I did not say "you" should use this method meaning
> Anthony...  nor did I say "you" to suggest that people on this e-mail
> list should use this method.
>
> The only time I deliberately use the word "you" is in the actual text of my
> proposed "before you begin learning PHP programming" because there the
> pronoun you refers directly to the individual who doesn't know PHP at all
> yet.
>
> Not bothering to address the rest of your comments since they seem to be
> based on a misunderstanding.

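The tutorial pattern debated in this thread, shown beside a version that escapes the value at output time. This is an added example, not code from either poster; the `greeting()` helper and the sample inputs are constructed for illustration, and PHP 7 or later is assumed.

```php
<?php
// The tutorial pattern quoted in the thread, kept here only for comparison:
//   $name = $_GET['name'];
//   echo "Hello $name";   // request value reaches the HTML unescaped

/**
 * Hypothetical helper (not from the thread): build the greeting from a raw
 * query array such as $_GET, escaping the value for an HTML text context.
 */
function greeting(array $query): string
{
    $name = $query['name'] ?? '';

    // ?name[]=x makes PHP deliver an array; treat any non-string as absent.
    if (!is_string($name)) {
        $name = '';
    }

    $name = trim($name);
    if ($name === '') {
        $name = 'guest';
    }

    // Escape when writing into HTML: & < > " ' become entities, so markup in
    // the value is displayed as text instead of being parsed by the browser.
    // ENT_SUBSTITUTE replaces invalid UTF-8 bytes rather than returning "".
    $safe = htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    return "Hello $safe";
}

// Constructed sample inputs standing in for $_GET.
$samples = [
    ['name' => 'Gary'],
    ['name' => '<b>Gary</b> & "friends"'],
    ['name' => ['unexpected', 'array']],
    [],
];

foreach ($samples as $query) {
    echo greeting($query), PHP_EOL;
}
```

The second sample prints `Hello &lt;b&gt;Gary&lt;/b&gt; &amp; &quot;friends&quot;`, which a browser renders as literal text; the array and empty cases both fall back to `Hello guest`.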
