On Tue, July 25, 2006 11:41 pm, Paul Scott wrote:
> I have googled around a bit, but not really found anything useful...
>
> Which is more efficient? A case switch or a $$method style method?
>
> An example:
>
> switch($action) {
> case 'edit':
> //do some stuff
> .......
> return "edit_tpl.php";
>
> case 'whatever':
> //blah
> ......
> ......
> }
>
> OR:
>
> $method=$this->convertToMethod($action);
A user-defined function will almost always be more expensive than a
built-in language construct...
If you were willing to just do:
$this->$action();
and to hell with validating $action to be sure it was kosher, it would
be faster...
But your validation of $action to be sure it's not an internal method
you don't want them calling would probably look something like:
switch($action){
case 'known_action':
case 'other_action':
return true;
break;
default:
error_log("Possible hack attempt $_SERVER[REMOTE_ADDR]");
echo "Invalid Action";
return false;
break;
}
So now you have a switch/case just as big as you would have had anyway.
> unset($action);
> return $this->$method();
>
> Hope this is reasonably clear... Note the return on the latter code.
>
> If anyone has any ideas around this, please let me know! Are there
> underlying security risks in doing it this way?
If convertToMethod() is not checking against a known list of valid
'action' you are making a security hole.
--
Like Music?
http://l-i-e.com/artists.htm
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
