News Feed
Sections




News Archive
feed this:

Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

TheDailyWTF.com:
Client-Side PHP
April 13, 2006 @ 07:03:29

The Daily WTF post for today bears mentioning if for nothing less than to show how to not do things. It has an interesting twist on the whole Ajax craze that's going on in the web today, and takes it to a really scary, pointless level.

The introduction of the XMLHttpRequest component (*) opened the doorway for a new breed of "fancy schmancy" web applications like Flickr, GMail, etc. This, in turn, spawned an entire sub-industry and a new series of buzzwords seemingly based on the names of household cleaning chemicals. It even incremented the current version of the Internet to 2.0.

That said, it should come as no surprise that this Borax-technology has also empowered "certain programmers" to create new perversions in information technology never imagined before. Gustavo Carvalho discovered what happens when XMLHttpRequest and the Eval() function in PHP are combined. I'll leave it to your immagination as to what the server-side looks like ...

You should definitely check out the code on this one - using evil() is bad enough, but passing code back to the PHP server like that is just wrong (and a huge security hole).

1 comment voice your opinion now!
thedailywtf client-side ajax xmlhttprequest eval thedailywtf client-side ajax xmlhttprequest eval



Community Events





Don't see your event here?
Let us know!


testing threedevsandamaybe install laravel community series configure language list release code framework unittest developer refactor opinion podcast wordpress introduction interview

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework