Hacker News new | ask | show | jobs
by imanaccount247 4195 days ago
>Does Perl, Python or Ruby have built-in automatic escaping and sanitization?

No, of course not. That's very much the point. PHP's broken attempt at that created security holes.

>On top of that all three of those languages require additional setup

No they don't. It is just that someone else has already done the setup for you with PHP at most cheapo hosting companies. Installing python is no harder than installing PHP.

>(Especially Ruby with RoR shudder)

You are comparing a framework to a language. Rails is no harder to setup than any of the PHP frameworks like zend or symfony.
1 comments
zapt02 4195 days ago
Providing sanitization functions 10 years ago is broken to you? If you check my earlier post you'll see that prepared statements are widely used nowadays. Escaping functions like htmlentities() are also still effective.

You are right, there are a bunch of hosting company providing 0-config PHP, but setting it up in any distro is also never more than one command away, unlike the other languages mentioned.

Regarding Ruby and RoR, I can't even find a tutorial on how to run Ruby under FastCGI, and RoR appears to be the de facto way to run Ruby websites, so if having a framework is required to run any non-trivial Ruby website, then it has to go into the "hard to configure" part of the argument regardless of semantics.

link
imanaccount247 4195 days ago
>but setting it up in any distro is also never more than one command away, unlike the other languages mentioned.

No, exactly like the other languages mentioned. If you are seriously going to try to pretend installing python or ruby or perl is harder than installing PHP then you can't expect anyone to react as if you are being serious and genuine.

>I can't even find a tutorial on how to run Ruby under FastCGI

That sounds like a serious problem. I would suggest looking for a local "introduction to computers" type class. They tend to teach basic usage of windows and the web, including how to use google to search for things. I think it would help you a lot.

>and RoR appears to be the de facto way to run Ruby websites

While I'm sure the rails guys must be flattered, I don't know how you got that appearance. There's a whole bunch of frameworks, just like with PHP. And you don't need to use any of them, just like with PHP. But of course, you know all this and are just trolling.

link
zapt02 4194 days ago
Since you are resorting to ad hominem attacks without tackling the actual points, I am not going to dignify your post with an answer.
link