Re: [PHP] is there a problem with php script pulling HTML out of database as it writes the page??



On 7/17/08, Stut <stuttle@xxxxxxxxx> wrote:

> On 17 Jul 2008, at 14:10, tedd wrote:
>
>> At 10:28 PM +0100 7/16/08, Stut wrote:
>>
>>> Oh, and you'd be working for me so bear that in mind ;)
>>>
>>> -Stut
>>
>> It's no wonder why you haven't found anyone. :-)
>
> Thanks for that tedd.
>
> Seriously though, I'm wondering if my expectations are too high... I expect
> them to know that addslashes is not adequate protection against SQL
> injection. I even had one tell me "SQL injection? I can't remember but I'm
> sure I've used it before". And I won't even go into the guy who asserted
> that he's always worked with DB administrators who've dealt with security
> issues so he'd never needed to learn about it.
>
> Am I expecting too much?!?
>
> -Stut


Surely you're being rhetorical, Stut, but no, you're not expecting too much.
However the guy(s) who worked in a larger organization likely did have a
very clear delineation of roles and responsibilities, as I am experiencing
in a new position, and therefore may not be current on best practices in
areas outside of their role. When my group leader instituted the current
policy regarding job functions, a number of the open source guys decided
their unused skills were eroding and/or they were not being exposed to new
learning, and they left the company.

--David.