Why PHP is not safe
2022-06-25 04:39:00 【zepcjsj0801】
Recently I met two customers who raised a point that made me question my life a little: PHP is not safe.
I have been working with PHP for ten years, and I have heard this claim ever since I started with PHP, but I never took it seriously.
My college major was .NET, and my job after graduation was in development, but developing, debugging and fixing bugs in .NET was a very anxious process, which may also have been down to my limited skill at the time.
By chance I came into contact with PHP on a project, ThinkPHP to be exact. Next to PHP, projects in other languages seemed too bloated and cumbersome, and from then on my use of PHP got out of hand.
It was only recently, when two large customers raised this question, that, after doing my best to explain the reasons, I had to think back over whether my explanation had made it seem even more obvious.
Back to the point:
1. For customers who are not professional developers, PHP is unsafe because their company's official website was suspended. Note that this is an "official website". Why stress that? A quote for a custom-designed official website is generally 5k to ten thousand, not ruling out big companies with high requirements. A template-based site, however, can be done for a quote of about 1000 or even lower, and a company is seldom willing to spend tens of thousands on a Java or .NET official website. The most common approach is to take a ready-made CMS and modify it directly; common ones are PHPCMS, EmpireCMS, DedeCMS and so on. These CMSs are no longer updated or maintained, the copies available for download online are all older versions, and their vulnerabilities have long been known all over the Internet, to say nothing of niche CMSs. So the more widely it is used, the more problems there are.
2. Programmers like PHP because it is simple and convenient. For example, a single if($xx) is enough to decide whether $xx serves as the condition for the next step, whereas Java or .NET must first make sure of the data type and only then check whether the value is empty or true. So the simpler something is, the easier it is to break.
3. Development issues. The frameworks I have had the most contact with are ThinkPHP and Yii, and systems built on them are rarely reported as hacked. That does not mean you need a framework to avoid being hacked; it is just that the way the framework is put together avoids the emergence of vulnerabilities. Take URL parameters: when they are read through the framework they are processed, and using them directly without processing is like streaking.
– Too busy; I will write more when I have time.
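Points 2 and 3 can be seen side by side in the following added example, which is not code from the original post: it runs an if($xx)-style check and an explicit integer validation over the same URL parameter. The URLs, the id parameter and the function names are hypothetical and constructed for illustration; PHP 8.0 or later is assumed.

```php
<?php
declare(strict_types=1);

// Constructed request URLs; news.php and the "id" parameter are hypothetical.
$urls = [
    '/news.php?id=7',
    '/news.php?id=0',
    '/news.php?id=0.0',
    '/news.php?id=7%20OR%201%3D1',
    '/news.php?id[]=7',
    '/news.php',
];

// Read one query parameter the way $_GET would expose it:
// a string, an array (id[]=...), or null when it is absent.
function rawParam(string $url, string $name): mixed
{
    parse_str((string) parse_url($url, PHP_URL_QUERY), $params);
    return $params[$name] ?? null;
}

// The if($xx) style: everything passes except null, false, 0, 0.0, '', '0' and [].
function looseCheck(mixed $value): bool
{
    return (bool) $value;
}

// Explicit validation: return the value as a positive integer, or null
// when it is anything else (text, a decimal, an array, or missing).
function strictId(mixed $value): ?int
{
    $id = filter_var($value, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

foreach ($urls as $url) {
    $raw = rawParam($url, 'id');
    printf("%-30s loose=%-4s strict=%s\n", $url,
        looseCheck($raw) ? 'pass' : 'fail',
        var_export(strictId($raw), true));
}
```

Only the value that strictId() returns should be passed on to a query or a file path, never the raw parameter.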