Re:You are contradicting yourself. (Score 1)

It's fairly trivial to turn off url wrappers to where that is not possible. And again, it's not PHP's fault that people create programs that just blindly accept includes for variables in a POST or query string. If someone is doing that kind of crap we don't call them 'programmers' we call them 'hacks'. Should I say perl is the worst language ever because an old version of agora allowed you to execute shell commands? or maybe I should say that because old versions of AWStats use to allow people to place their own files on your server. Oh wait...no...no...let's say C/C++ is a crappy language because it's soooo easy to write code that allows buffer over runs... Curse Larry Wall and Bjarne Stroustrup