tedd wrote:
At 5:41 PM -0400 7/19/07, Eric Butera wrote:
On 7/19/07, tedd <tedd@xxxxxxxxxxxx> wrote:
But, Rasmus gave me this:
$action = isset($_GET['action']) ? $_GET['action'] : null;
Since you're responding to someone else asking about such things where
there is the chance someone can just copy & paste... There really
should be a whitelist against your actions. This has the benefits of
making sure you know that your program is going to work as expected
whether or not a user is trying to be malicious or they copied the URL
incorrectly, etc.
This:
$action = isset($_GET['action']) ? $_GET['action'] : null;
Becomes:
$actions = array('one','two');
$action = (!empty($_GET['action']) AND in_array($_GET['action'], $actions))
    ? $_GET['action'] : null;
Eric:
Point well taken about asking a question in a question -- I'll try not
to next time.
So, did Rasmus provide a problematic solution?
Yeah, that works fine (with the additional checks that Eric suggested).
But you're missing the point from the OP.
He wanted to AVOID having to do something to the effect of:
$var = null;
if (isset($really_long_var_name_here)) {
    $var = $really_long_var_name_here;
} else {
    $var = 'default_value';
}
Where $really_long_var_name_here is listed multiple times.
The function here: http://marc.info/?l=php-general&m=118476858504463&w=2
should do the trick but test for yourself.
--
Postgresql & php tutorials
http://www.designmagick.com/
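
The two points in this thread (name the long variable only once, and accept only allowlisted actions) can be combined in one helper. This is an added example, not code from the thread and not the function linked above; the name request_choice(), its parameters and the sample inputs are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Return $source[$key] only if it is a string found in $allowed;
 * otherwise return $default. The long variable name is written once,
 * at the call site. request_choice() is a hypothetical helper name.
 */
function request_choice(array $source, string $key, array $allowed, ?string $default = null): ?string
{
    // A missing key and a non-string value (?action[]=one arrives as an
    // array) both fall back to the default before in_array() is reached.
    if (!isset($source[$key]) || !is_string($source[$key])) {
        return $default;
    }
    // Third argument true: strict comparison, no type juggling.
    return in_array($source[$key], $allowed, true) ? $source[$key] : $default;
}

// Constructed sample inputs standing in for $_GET.
$samples = [
    'valid'      => ['action' => 'two'],
    'unknown'    => ['action' => 'three'],
    'missing'    => [],
    'array form' => ['action' => ['one']],
    'empty'      => ['action' => ''],
];

$actions = ['one', 'two'];   // the allowlist from the thread

foreach ($samples as $label => $get) {
    // Only allowlisted strings come back; everything else becomes 'one'.
    $action = request_choice($get, 'action', $actions, 'one');
    printf("%-10s => %s\n", $label, var_export($action, true));
}
```

In a real script the call would be request_choice($_GET, 'action', $actions, 'one'), so code that later branches on $action only ever sees a value from the list.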