If this were a map, say in Python, then the programmer would have to supply the value $i (or in Python, just i) with an ++$i (or in Python i+=1). This can be done in PHP too, so there is no disadvantage to what PHP supports. The problem here is that the programmer is putting dynamic code in the SQL query without sanitizing it first. So what if it is supposed to be variables that are not supposed to be affected by the user? The first rule of preventing SQL injection is to use ZERO outside string variables, even those ostensibly created by your own code. If the data _or metadata_ (i.e. array keys) came in through a function argument, then it is NOT CLEAN.

Of course, the "natural way" to write code is often riddled with buffer overflows, SQL injection, and other naive security issues. This is why you hire a programmer with experience, just as with any other profession. There is no end to the problems with PHP, but this particular bug is not one of them.

My Note 3 cat get _three days_ out of a single charge because I don't leave the internet connected and I don't have faceschmuk / viber / fartsapp pinging home every N seconds. I charge it every night anyway.

Don't make me wait to open the camera, give me the best performance and don't spare the battery just because _other users_ can't disconnect from the internet ever.

That is exactly the profile of China's top fighter pilot:
http://en.wikipedia.org/wiki/L...

Hi Jane. After some deliberation I see that you are in fact correct. I apologize for the comment, and I encourage those with mod points to downvote GPP (my post):
http://slashdot.org/comments.p...

Thank you for demonstrating why using something other than Skype itself is not a feasible solution for the average user.

I see, thank you.

Thank you. That seems to explain why Bjork's dress has it's own wikipedia article.

How should I mod this? It deserves a downvote, but it is not overrated (rated 0), not flamebait, nor a troll. It's not even redundant.

It's just plain wrong.

I meant to attach that comment to the grandparent. The comment to which I replied was the correct one.

How should I mod this? It deserves a downvote, but it is not flamebait, not overrated (rated 0) nor a troll. It's not even redundant.

It's just plain wrong.

I know developers who could not install the text editor that they edit PHP with. I'm not joking, and I have to deal with them regularly.

Go google for "php prepared statements in clause" and see how the very first result is a "solution" that is vulerable to SQL injection.

What does it mean to stream an application? Data can be streamed, but an application is interactive.

Plesk has a test.cgi file enabled by default. Here, go exploit all these hosts:
https://www.google.com/search?...

Thanks. I did untrust the obvious ones, such as the Turkish and Chinese certs, however the list is long and I'd like to tighten the security a bit. Is there any way to see which certs I've actually _used_ so that I could start making informed decisions? Take for example "Trustis Limited". On what basis would I decide to keep or leave it.

I don't mean to be a pain, but you seem to be the only person who understands this subject. Even googling the subject does not return many useful links. Thanks.