Newsgroups: php.internals
From: ilia@prohost.org (Ilia Alshanetsky)
Reply-To: ilia@prohost.org
To: "moshe doron", internals@lists.php.net
Date: Thu, 14 Aug 2003 11:07:02 -0400
Subject: Re: [PHP-DEV] Re: PHP 4.3.3RC3 Released

First of all, this discussion bears no relevance to the 4.3.3 release, as sqlite is NOT part of this release.

Secondly, this is just plain silly. PHP is not and is not responsible for validating input. If the user chooses not to and consequently leaves their scripts vulnerable to SQL injection, it is their fault and their fault alone.

Ability to chain queries is an extremely useful feature that most database systems support (even MySQL as of version 4.0). To cripple or disable such functionality would be absolute idiocy, not to mention break backwards compatibility to older versions where this was possible.

Adding more run-time directives (as suggested by Hartmut Holzgraefe) is a bad idea, as it makes writing portable code extremely difficult, as each system may have a drastically different behavior due to an ini option.

Ilia