Python or PHP?

Alan Little contact at alanlittle.org
Mon Apr 25 03:39:26 EDT 2005


Steve Holden <steve at holdenweb.com> wrote:

>Your statement then becomes
>
>select * from foo where bar=1; drop table foo
>
>which is clearly not such a good idea.

I'm sure Steve is very well aware of this and was just providing a
simple and obvious example, nevertheless it might be worth pointing
out that anybody who connects their web application to their database
as a user that has DROP TABLE privileges would clearly be in need of
a lot more help on basic security concepts than just advice on
choosing a programming language.

This goes back to the point somebody made earlier on in the thread -
many web applications can be implemented as fairly simple wrappers
around properly designed databases. "Properly designed" includes
giving some thought to table ownership and privileges.
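Steve's injected statement and the privilege point above, as an added Python example that is not part of this thread. It uses only the standard sqlite3 module; since SQLite has no GRANT, an authorizer callback stands in for a database account without DROP TABLE rights, and executescript() stands in for a driver that runs stacked statements. The table and rows are constructed for the demo.

```python
import sqlite3

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript("CREATE TABLE foo (bar INTEGER); INSERT INTO foo VALUES (1), (2);")
    return conn

def foo_exists(conn):
    sql = "SELECT count(*) FROM sqlite_master WHERE type='table' AND name='foo'"
    return conn.execute(sql).fetchone()[0] == 1

def query_unsafe(conn, user_input):
    # Concatenation: user text becomes SQL; executescript() models a driver that runs stacked statements.
    conn.executescript("select * from foo where bar=" + user_input)

def query_safe(conn, user_input):
    # Parameter binding: the input travels as a value and is never parsed as SQL.
    return conn.execute("select * from foo where bar=?", (user_input,)).fetchall()

def restrict_privileges(conn):
    # Stand-in for connecting as a database user without DROP TABLE rights:
    # SQLite has no GRANT, so an authorizer callback vetoes that action instead.
    def authorizer(action, arg1, arg2, db_name, trigger):
        if action == sqlite3.SQLITE_DROP_TABLE:
            return sqlite3.SQLITE_DENY
        return sqlite3.SQLITE_OK
    conn.set_authorizer(authorizer)

def demo(injected="1; drop table foo"):
    results = {}
    # 1. concatenation with a privileged account: foo is dropped
    conn = make_db()
    query_unsafe(conn, injected)
    results["concat"] = foo_exists(conn)
    # 2. parameter binding: the whole string is compared as data, so no row matches
    conn = make_db()
    rows = query_safe(conn, injected)
    results["param"] = (foo_exists(conn), len(rows))
    # 3. still concatenating, but the account cannot DROP: the statement is refused
    conn = make_db()
    restrict_privileges(conn)
    try:
        query_unsafe(conn, injected)
        denied = False
    except sqlite3.DatabaseError:
        denied = True
    results["least_priv"] = (foo_exists(conn), denied)
    return results
```

Case 3 is defence in depth, not a substitute for case 2: the injected statement still reaches the database, it just cannot do what it asked.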
