On Tue, 2005-02-15 at 16:22, M. Sokolewicz wrote:
>
> Chris.
> that's a different issue.
> There are always at least 2 things you should do with your (expected) input:
> 1 - check if it *exists* (isset)
> 2 - check the validity (input-validation)
>
> for step #2 empty is very commonly used, and also a very useful
> function. However, you should never do #2 without #1, since that again
> raises issues (of security, problems, unexpected input, etc)
>
> Also note that empty($non_existent_var) will always throw an E_NOTICE
> error when the variable in question is not set. isset() is the only
> function/language-construct that can check for the existence of
> variables without throwing an E_NOTICE.

This is not true and explicitly states so in the doc. I had to reread it to remember why I stopped using it. empty will return true if the value is one of several things "", "0", 0 to name a few. Since I do not consider these empty I stick with isset and then test for a valid value depending on the circumstance.

Personally, I think people piss and moan too much about what I consider proper coding practices. Input validation is too important to skimp on. Again it is my opinion.

I have been revisiting some php code that I wrote a couple of years ago and have been pleasantly surprised at the job I did on input validation.

A similar complaint occurs when installing a new version of or moving code to another box where register_globals is not on. I pissed and moaned and wailed for about 10 minutes until I thought about it and can now see the value in not having unknown variables pollute the namespace. Of course, since most of my code was already validating the variables, a few :s/\$\(var\)/\$_GET[\1]/ iterations and I was good to go. Yes it took some time but I feel better having done it.

I just wish there was a use strict; sort of deal so I would not have to hunt down logic errors due to mistyping a variable name.

Bret

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
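
An added example, not part of the original thread: the isset()-then-validate pattern discussed above, shown next to what empty() reports for the same fields. The request array, its field names and the fetch_int() helper are constructed for illustration, and the code assumes PHP 7 or later.

```php
<?php
// Constructed sample input standing in for $_GET; the 'color' key is absent.
$request = ['qty' => '0', 'page' => '', 'name' => 'widget'];

/**
 * Hypothetical helper following the two steps from the thread:
 * step 1 checks that the field exists, step 2 validates its value
 * against what this particular field is allowed to contain.
 * Returns the validated integer, or null when missing or invalid.
 */
function fetch_int(array $src, string $key, int $min, int $max): ?int
{
    // Step 1: existence. isset() raises no notice for an absent key.
    if (!isset($src[$key])) {
        return null;
    }
    // Step 2: validity. A strict integer parse with a range, so the
    // string "0" is judged by the field's rules, not by truthiness.
    // An array value (e.g. qty[]=1) also fails here and yields null.
    $value = filter_var($src[$key], FILTER_VALIDATE_INT, [
        'options' => ['min_range' => $min, 'max_range' => $max],
    ]);
    return $value === false ? null : $value;
}

// Print what isset() and empty() each report for a field holding "0",
// a field holding "", and a field that was never sent.
foreach (['qty', 'page', 'color'] as $key) {
    printf(
        "%-5s isset=%-5s empty=%s\n",
        $key,
        var_export(isset($request[$key]), true),
        var_export(empty($request[$key]), true)
    );
}

// A quantity of 0 is within the allowed range for this field.
var_dump(fetch_int($request, 'qty', 0, 100));
// An empty string is present but is not an integer.
var_dump(fetch_int($request, 'page', 1, 500));
// A field that was not sent at all.
var_dump(fetch_int($request, 'color', 0, 10));
```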