Fwd: World friendlier printable invoices

Stuart D. Gathman stuart at gathman.org
Wed Oct 3 13:47:01 EDT 2007


On Wed, 3 Oct 2007, Josh Sled wrote:

> As for picking PHP as that language, I think it has some important marks in
> its 'Con' column.
>
> 1/ it appears to be a very large dependency (relative to perl or python)
>
> 2/ it's not already installed on system- or desktop- boxes (in the way perl
>   or python have been for a while now).
>
> 3/ it sucks.

3 is not very specific :-)  Let me help.  IMO the main problem with PHP
is its strength - the string substitution model.  Shell programming has
the same problem for the same reason.  Code is built by string substitution
and then executed.  This makes templating very easy and powerful, but
is a security and stability nightmare.  The problem is that it is
*hard* to properly sanitize strings in PHP or unix shell so that they
don't do nasty things when substituted, and the result executed.
Even accidentally nasty substitutions are common bugs.

When written properly for security, PHP code is more difficult and
harder to read (IMO) than equivalent code in a language that keeps
code and data at arm's length.

-- 
 	      Stuart D. Gathman <stuart at bmsi.com>
Business Management Systems Inc.  Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
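
The substitution problem described in the message above, shown in unix shell as an added example that is not part of the original post. The function names, the sample file and the customer names are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and sample data are constructed.

# Constructed sample data: one customer name per line.
make_sample() {
    printf '%s\n' "Alice Smith" "Pat O'Brien" "Pat O'Brien" "Bob Jones" > "$1"
}

# Code built by string substitution: the name is pasted into program text
# that a second shell then parses and executes.
count_substituted() {   # $1 = file, $2 = customer name
    sh -c "grep -c -F -x -- '$2' '$1'" </dev/null 2>/dev/null
}

# Code and data kept apart: the program text is a constant, and the name
# travels as a positional parameter that is never parsed as code.
count_as_data() {       # $1 = file, $2 = customer name
    sh -c 'grep -c -F -x -- "$2" "$1"' sh "$1" "$2"
}

# Demo over three names: an ordinary one, one with an apostrophe (the
# accidental case: the substituted program no longer parses, so no count
# comes back), and one whose text is shaped like shell code.
f=$(mktemp) && make_sample "$f"
for name in "Alice Smith" "Pat O'Brien" "x'; echo RAN-AS-CODE; : '"; do
    printf 'name=[%s]\n  substituted: [%s]\n  as data:     [%s]\n' "$name" \
        "$(count_substituted "$f" "$name")" "$(count_as_data "$f" "$name")"
done
rm -f "$f"
```

The fixed version needs no escaping or sanitizing step at all, because the name never passes through the shell parser.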


More information about the gnucash-devel mailing list