rfc:sql_injection_protection

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
rfc:sql_injection_protection [2015/07/28 16:50]
matttait
rfc:sql_injection_protection [2017/09/22 13:28] (current)
Line 3: Line 3:
   * Date: 2015-07-22   * Date: 2015-07-22
   * Author: Matt Tait, matttait#​at#​google.com   * Author: Matt Tait, matttait#​at#​google.com
-  * Status: ​Draft+  * Status: ​Under discussion
   * First Published at: http://​wiki.php.net/​rfc/​sql_injection_protection   * First Published at: http://​wiki.php.net/​rfc/​sql_injection_protection
 +  * You can [[http://​phpoops.cloudapp.net/​oops.php||try it online]] ([[http://​phpoops.cloudapp.net/​oops.php?​action=main&​dbg_sql&​limit=4%20ohdear|spoiler]])
  
 ===== Background ===== ===== Background =====
Line 200: Line 201:
  
 ===== Unaffected PHP Functionality ===== ===== Unaffected PHP Functionality =====
-This change is designed to have the minimum user-visible impact for websites ​that do not use SQL, or who use it in a safe way.+Websites ​that already adopt security-best-practice of only issuing dynamic queries to their SQL database via parameterized SQL statements with constant parameter-strings will see no change when this proposal is adopted.
  
 ===== Future Scope ===== ===== Future Scope =====
Line 206: Line 207:
  
 ===== Proposed Voting Choices ===== ===== Proposed Voting Choices =====
-This requires a 50%+1 vote to be adopted.+This does not introduce any syntax changes to the PHP language, and therefore ​requires a 50%+1 vote to be adopted.
  
 ===== Patches and Tests ===== ===== Patches and Tests =====
rfc/sql_injection_protection.1438102202.txt.gz · Last modified: 2017/09/22 13:28 (external edit)