by jlesk
3161 days ago
This is why I introduced LockStrings as a key feature of THT (a language that compiles to PHP). It takes the opposite approach to Perl's taint mode. You mark string literals as safe -- everything else is untrusted. Functions that do risky things (Database, System calls, etc.) only accept LockStrings and are responsible for escaping, so all you have to do is provide the placeholders. https://tht.help/tutorials/language-tour#lock-strings
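The pattern described in the comment above, modelled in Python as an added example; it is not THT code, THT syntax, or code from the commenter. The names `LockString`, `L`, `fill` and `query` are hypothetical, and `L()` is an assumption standing in for the compiler marking a literal as safe.

```python
import sqlite3

class LockString:
    """A template that came from a program literal, plus separately held values."""
    def __init__(self, template, params=()):
        self.template = template
        self.params = tuple(params)

    def fill(self, *values):
        # Values are untrusted data: kept beside the template, never spliced into it.
        return LockString(self.template, self.params + values)

def L(literal):
    # Assumption: stands in for compile-time marking of a string literal.
    # Python cannot tell a literal from a built string at run time, so the
    # convention in this model is that L() is only ever applied to literals.
    return LockString(literal)

def query(conn, sql):
    """Risky sink: accepts only a LockString and does the binding itself."""
    if not isinstance(sql, LockString):
        raise TypeError("query() requires a LockString, got " + type(sql).__name__)
    return conn.execute(sql.template, sql.params).fetchall()

def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("O'Brien", "admin"), ("bob", "user")])
    untrusted = "O'Brien"  # constructed sample input containing a quote character
    # A plain string built by concatenation is refused before it reaches the database.
    try:
        query(conn, "SELECT role FROM users WHERE name = '" + untrusted + "'")
        rejected = False
    except TypeError:
        rejected = True
    # A literal template with a placeholder: the sink binds the value as data.
    rows = query(conn, L("SELECT role FROM users WHERE name = ?").fill(untrusted))
    return rejected, rows

if __name__ == "__main__":
    print(demo())
```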