rfc:sql_injection_protection

Differences

This shows you the differences between two versions of the page.

rfc:sql_injection_protection [2015/07/28 16:50] matttaitrfc:sql_injection_protection [2015/07/28 18:09] matttait
Line 3: Line 3:
   * Date: 2015-07-22   * Date: 2015-07-22
   * Author: Matt Tait, matttait#at#google.com   * Author: Matt Tait, matttait#at#google.com
-  * Status: Draft+  * Status: Under discussion
   * First Published at: http://wiki.php.net/rfc/sql_injection_protection   * First Published at: http://wiki.php.net/rfc/sql_injection_protection
 +  * You can [[http://phpoops.cloudapp.net/oops.php||try it online]] ([[http://phpoops.cloudapp.net/oops.php?action=main&dbg_sql&limit=4%20ohdear|spoiler]])
  
 ===== Background ===== ===== Background =====
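Review bot: The added "try it online" link uses a double pipe, `[[http://phpoops.cloudapp.net/oops.php||try it online]]`, while the "spoiler" link on the same line uses a single one. DokuWiki separates URL and link text with one `|`, so the first link will render with a stray `|` in its text. Change it to a single pipe. Both links are also plain `http://` to a demo host outside php.net, so the line should say who operates that host, and readers should be told not to submit real data to it.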
Line 200: Line 201:
  
 ===== Unaffected PHP Functionality ===== ===== Unaffected PHP Functionality =====
-This change is designed to have the minimum user-visible impact for websites that do not use SQL, or who use it in a safe way.+Websites that already adopt security-best-practice of only issuing dynamic queries to their SQL database via parameterized SQL statements with constant parameter-strings will see no change when this proposal is adopted.
  
 ===== Future Scope ===== ===== Future Scope =====
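Review bot: The replacement sentence drops the case the old text covered explicitly, websites that do not use SQL at all, and now speaks only about sites that use parameterized statements. If those sites are still unaffected, keep that clause. The phrase "constant parameter-strings" is also ambiguous in the new wording: it can be read as the bound parameter values being constant rather than the query text. Something like "parameterized SQL statements whose query string is a constant" would say which part must be constant.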
Line 206: Line 207:
  
 ===== Proposed Voting Choices ===== ===== Proposed Voting Choices =====
-This requires a 50%+1 vote to be adopted.+This does not introduce any syntax changes to the PHP language, and therefore requires a 50%+1 vote to be adopted.
  
 ===== Patches and Tests ===== ===== Patches and Tests =====
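Review bot: The added justification rests the 50%+1 threshold solely on "does not introduce any syntax changes", but the sentence does not say which voting rule that criterion comes from. Link the rule being relied on and state whether changes in behaviour without syntax changes also fall under the simple-majority case, so voters can check the threshold rather than take it on the RFC's word.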
rfc/sql_injection_protection.txt · Last modified: 2017/09/22 13:28 by 127.0.0.1