Thread: Secure Coding
Old 19-07-2010, 21:23   #25
Damien
Re: Secure Coding

I only know it because I have worked with it for a project.

But they are a neat feature and one I would hope is supported by modern technologies. I'm not sure if that PHP one does work correctly and not, as Punky said might be the case, a glorified string.format.

---------- Post added at 21:23 ---------- Previous post was at 21:14 ----------

Quote:
Originally Posted by Raistlin
To be honest the original query was meant to be platform/language agnostic - so all/any comments/suggestions are being gratefully received

Coding is something I haven't done much of, so whilst I understand the requirement to properly check/sanitise input and to use parameterised queries etc I've never actually had to do it - hence the reason for the original question.

I want to start coding more, but (being aware of the usual issues that people create for themselves by not doing it properly) I want to get into good secure habits from the start.

The thing is any book that covers only security might well be far too in-depth for what you need right now. They would be aimed at people trying to lock down an enterprise-level application.

What stage are you at? I think that learning best practices in general regarding code reuse, readability, will be of greater benefit to you than security. All you need to remember at the moment is DON'T TRUST YOUR USERS' INPUT! Then learn the rest as you go...