Looking for software development internships? Hackr.io is hiring!

PHP The Right Way (phptherightway.com)

Visit Tutorial
Free
Top Three Medal #1 out of total 52 PHP Tutorials and Courses 27k+ views

submitter

Khairul Anuar
1350 points

Why programmers like this tutorial?

Content quality

Qualified Instructor

Course depth and Coverage

Video quality

Course Pace

Write your review of this tutorial:

You can also ask questions or provide any information that might be helpful to the people taking this course.

Matthias Hogerheijde
4 years ago

Right,.. the "right way",.. and it is telling us to execute arbitrary code over the network by running "curl -s https://getcomposer.org/installer | php"... that's wrong on so many levels.

Gaurav Gupta
Gaurav Gupta 42491 Points

@matthias-hogerheijde You can always download the code and see what you are installing. Isn't that the same with almost everything else?

Matthias Hogerheijde

@gaurav-gupta It is not the same, because you need a level/web of trust. The act of trusting https://getcomposer.org/installer is not wrong in and of itself, teaching people to blindly copy-paste a command that does remote-code execution is the point that I'm fussing about. We should teach everyone to *first* find out what the level of trust is they put in something. Either by looking at the code and understanding it; or by making sure others (that you trust) have. So the least you should do is explain _why_ you trust the content of https://getcomposer.org/installer _before_ you tell others to blindly run that code. Then, I can figure out if your trust in them means anything to me. If so, I'll follow your advice. If not: I need to double-check.

Again: it's not about the actual command; it's about telling people that this is normal. It shouldn't be.

Square Boat
Square Boat 10 Points

@gaurav-gupta @matthias-hogerheijde Yups, you're right.

Mdimran Khan016
Mdimran Khan016 10 points
2 months ago

basic php code

Leo Torres
Leo Torres 10 points
8 months ago

How up to date is this?