recognized that... but in all honesty, if you're going to write an app, and you're going to do something with the data, it makes sense to me that you 'know'/ensure that you're dealing with the correct kind of data. as i see it, this allows you another way (low entropy) to determine that the information you're getting is correct/valid. it also allows you to know what functions you should/shouldn't perform on the data...

my $0.02 worth...

thoughts...

-bruce

-----Original Message-----
From: Robert Cummings [mailto:robert@xxxxxxxxxxxxx]
Sent: Wednesday, September 21, 2005 5:00 PM
To: bedouglas@xxxxxxxxxxxxx
Cc: 'Chris Shiflett'; 'Mikey'; 'PHP Mailing Lists'
Subject: RE: security/sql issues with php

On Wed, 2005-09-21 at 19:54, bruce wrote:
> but now that you're talking about ints/strings/floats, aren't you now
> getting into data typing issues... which gets into the correct/appropriate
> architecture of your app, variable namespace issues, etc...

Nope, just showing that adding 0 to data retrieved from $_GET does not
necessarily result in an int.

Cheers,
Rob.

--
PHP General Mailing List (http://www.php.net/)
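
The point made in the reply above, as an added example that is not part of the original thread: it compares the type produced by the `+ 0` idiom with an explicit integer check using `filter_var()`. The helper names `strict_int` and `plus_zero`, the sample values and the 1 to 1000000 range are assumptions made for illustration.

```php
<?php
// Added illustration, not code from the thread.
// Constructed sample values; real $_GET entries arrive as strings (or arrays).
$samples = ['42', '-3', '1.5', '1e3', '12abc', 'abc', '99999999999999999999'];

// Hypothetical helper: returns an int only when the whole string is a
// decimal integer inside [$min, $max]; returns null otherwise.
function strict_int(string $raw, int $min, int $max): ?int
{
    $value = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => $min, 'max_range' => $max],
    ]);
    return $value === false ? null : $value;
}

// Describe what the "+ 0" idiom produces for one raw string.
function plus_zero(string $raw): string
{
    try {
        // @ hides the notices/warnings PHP raises for partly numeric strings.
        $coerced = @($raw + 0);
    } catch (TypeError $e) {
        // PHP 8 throws for a string with no leading number, such as 'abc'.
        return 'TypeError';
    }
    // gettype() reports floats as "double".
    return gettype($coerced) . ' ' . var_export($coerced, true);
}

foreach ($samples as $raw) {
    // Assumed business rule for this example: ids are 1..1000000.
    $checked = strict_int($raw, 1, 1000000);
    printf(
        "%-24s + 0 => %-28s strict_int => %s\n",
        var_export($raw, true),
        plus_zero($raw),
        $checked === null ? 'rejected' : "int $checked"
    );
}
```

Only a value that comes back from `strict_int()` as a non-null int has a known type and range; it should still be passed to the database through a bound parameter.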