alt Hacker NewsThat actually makes it more confusing since a 25 year old PHP application is exactly where you'd expect to find SQL injection vulnerabilities.
If I were in charge of a 25 year old PHP application, tracking down every SQL query and converting it to a safe form would high on my list of priorities. You don't need AI for that, just ripgrep and a basic amount of care for your users.
Replies
otabdeveloper4 • yesterday at 5:47 PM
Replacing/automating manual ripgrep is a top-1 use case for AI though.
➕ show 1 reply
Most (proprietary) 25 year old PHP codebases I've seen are a huge mess riddled with issues, exuberant loc, mix of tabs and spaces and weird indentation, dry violations, slightly diverging code blocks copy-pasted all over the place, etc., etc. Resolving technical debt (let alone reviewing the "stuff that works" like SQL queries) is often low priority because it's tedious and does not create any "business value".