Many of PHP's insecurities come from, as you say, people not being careful about what they include, or how they use their variables. For example:
mysql_query("SELECT * FROM kak WHERE x = $hello");
where $hello is just picked up from the query string. (It's good practice to turn register_globals off now.) An alternative is just doing something like:
include("$page");
from a page referenced as blah.php?page=hello or something.
Anyway, that's off-topic, but if you program in PHP, take note of these things.
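The two snippets in the post above, rewritten in hardened form, as an added example that is not part of the original post. It assumes PDO with an in-memory SQLite database; the rows, the page allowlist and the `pages/` paths are constructed for illustration.

```php
<?php
// Added example: hardened counterparts of the query and the include in the post.
// The in-memory SQLite database, its rows and the allowlist are constructed.

// Query: bind the value instead of interpolating $hello into the SQL text.
function find_rows(PDO $db, string $hello): array
{
    $stmt = $db->prepare('SELECT * FROM kak WHERE x = :hello');
    $stmt->execute([':hello' => $hello]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Include: map the request value onto a fixed allowlist of files.
// The request value itself is never passed to include().
function resolve_page(string $page, array $allowed): ?string
{
    return $allowed[$page] ?? null;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE kak (x TEXT, note TEXT)');
$db->exec("INSERT INTO kak VALUES ('1', 'first'), ('2', 'second')");

// Hypothetical page names and file locations.
$allowed = [
    'hello' => __DIR__ . '/pages/hello.php',
    'about' => __DIR__ . '/pages/about.php',
];

// Constructed values standing in for $_GET['hello'] and $_GET['page'].
foreach (['1', '1 OR 1=1'] as $hello) {
    $rows = find_rows($db, $hello);
    printf("hello=%s -> %d row(s)\n", var_export($hello, true), count($rows));
}
foreach (['hello', '../../etc/passwd', 'http://example.invalid/x'] as $page) {
    $file = resolve_page($page, $allowed);
    printf("page=%s -> %s\n", var_export($page, true), $file ?? 'rejected');
}
```

With the bound parameter, the whole string is compared against column x as data, and with the allowlist only the listed keys can ever select a file to include.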