| HN Mirror

Y	Hacker News new \| ask \| show \| jobs


	by zarzavat 56 days ago
	That actually makes it more confusing since a 25 year old PHP application is exactly where you'd expect to find SQL injection vulnerabilities. If I were in charge of a 25 year old PHP application, tracking down every SQL query and converting it to a safe form would high on my list of priorities. You don't need AI for that, just ripgrep and a basic amount of care for your users.

2 comments

whythismatters 56 days ago

Most (proprietary) 25 year old PHP codebases I've seen are a huge mess riddled with issues, exuberant loc, mix of tabs and spaces and weird indentation, dry violations, slightly diverging code blocks copy-pasted all over the place, etc., etc. Resolving technical debt (let alone reviewing the "stuff that works" like SQL queries) is often low priority because it's tedious and does not create any "business value".

link

otabdeveloper4 56 days ago

Replacing/automating manual ripgrep is a top-1 use case for AI though.

link

pseudalopex 56 days ago

Their point was a competent team would have done this since 10 or 20 years I thought.

link