You know, that's a cute statement if you know that code like this exist outside. Not SQLi enough? Try this.
Oh, and the first one that says POD is the new awesomeness and I should stop using deprecated features should go outside for a second and get a reality check

The point I'm trying to make is that PHP is a garbage piece of shit of a language. And no, I'm not talking about the fact that operators like ++ and -- are absolutely insane or that the truth table looks like someone simply emptied out a bucket of alphabet soup. The naming convention is horrible, by default PHP is absolutely insecure and pollutes the global namespace(!!!!!!!!!) with third party input without validation.
And the worst part is that the oh so awesome tutorials from the internet you are talking about are terrible, terrible and then some more terrible. The problem with PHP is that it gives web developers exactly what they want, without caring wether that's actually a good idea or not. I mean, most functions return false on error and don't log anything. Like... Hello? Could you all please stop smoking crack for just one second?


Yes. You know why? Because security is a process, not a state. The same way WordPress can be hacked, or anything really. Rolling your own software is not the solution to this, if anything, it's probably more decremental to your security. And I say that knowing very well about the state of security in most PHP libraries.

Your point is moot, your self written package can just as easily be hacked. Obscurity is, if anything, an additional layer of protection, but should never ever be the only one. And you advocate (at least implied) security through obscurity right there, and that should make you feel really bad.


Good god, the "not here invented syndrome" is strong with you. Have you ever though about a career at Microsoft?


Man, the whole *aaS industry will be pissed when they find out that no one pays for their services.