Vedanta Barooah wrote:
the code below was talking of function declarations ... reffer to the thread. will code injection in case of function declarations work? I am not sure!!
OK. But even so add($a,$b,$c) !== add($a = null, $b = null, $c = null)
;)
<?php function add($a,$b,$c){
These arguments ($a, $b, and $c) are all *required* arguments. If you definition was:
function add($a, $b = null, $c = null)
Then you don't have to pass *any* arguments *except* for the first one.
return $a+$b+$c ; } echo add(2,null,3); # even if you pass the value of $b in the url as a get or post param... it wont work. ?>
The variables inside a function are not in the global scope so you are ok here. However if you ever plan on calling this function with uninitialized variables then it is quite likely some fool is going to do what I previously suggested, i.e.
<?php
/** Page called with ?a=22 appended to URL */
function add($a,$b,$c) { return $a+$b+$c; }
$total = add($first, $second, $third);
/** You think this will be 0, but with register_globals this is actually 22 */
echo $total;
?>
thanks, vedanta
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php