Re: what's the difference in the following code?

----- Original Message ----

From: tedd <tedd.sperling@xxxxxxxxx>
To: Lamp Lists <lamp.lists@xxxxxxxxx>; php-general@xxxxxxxxxxxxx
Sent: Monday, October 20, 2008 8:25:50 AM
Subject: Re:  what's the difference in the following code?

At 10:58 AM -0700 10/17/08, Lamp Lists wrote:
>I'm reading "Essential PHP Security" by Chris Shiflett.
>
>at the very beginning, pages 5 & 6, if I got it correctly, he said this 
>is not good:
>
>$search = isset($_GET['search']) ? $_GET['search'] : '';
>
>and this is good:
>
>$search = '';
>if (isset($_GET['search']))
>{
>     $search = $_GET['search'];
>}
>
>What's the difference? I really can't see it.
>To me it's more the way you like to write your code (and I like the 
>top one :-) )?
>
>thanks.
>
>-ll


The problem here is you have to read and understand what the author 
is trying to say.

Chris is NOT saying that there is a difference between these two 
forms of code. He is saying that one hides the fact that the variable 
($search) is tainted while the other makes it more obvious.

The whole point of the first few pages is to show you how a variable 
can be tainted and how you can minimize that by following some very 
simple rules, one of which was simplicity, which you had problems 
following.

With just a little reading, you could have answered your own question.

Cheers,

tedd





How is it so obvious? I can't see it either.

-ll




PS: I'm back
-- 
-------
http://sperling.com  http://ancientstones.com  http://earthstones.com

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
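Added example, not code from the thread or from the book under discussion: the difference being argued about is not what the two assignments do but whether the reader can tell that $search still holds raw request data. One way to make that boundary explicit is to keep raw input out of the variables the rest of the script uses, and only copy a value over after it has been validated. The $clean array name, the validation rule and the sample request are assumptions made for this example.

```php
<?php
// Constructed sample request so the script runs offline (no web server).
$_GET = ['search' => 'php <b>security</b>'];

// Variant 1 (the thread's first form): correct, but $search is tainted and
// nothing in the code reminds the reader of that.
function searchTainted(array $get): string
{
    return isset($get['search']) ? $get['search'] : '';
}

// Variant 2: raw input never leaves $get unfiltered. Only values that pass
// validation are copied into $clean; everything else keeps the safe default.
function searchClean(array $get): array
{
    $clean = ['search' => '']; // same default as the thread's code

    if (isset($get['search']) && is_string($get['search'])) {
        // Validation rule assumed for this example: 1-64 printable ASCII chars.
        if (preg_match('/\A[\x20-\x7E]{1,64}\z/', $get['search']) === 1) {
            $clean['search'] = $get['search'];
        }
    }
    return $clean;
}

$clean = searchClean($_GET);

// Validation is not escaping: the value is still escaped for the context it
// is written into, here HTML.
echo 'Results for: ' . htmlspecialchars($clean['search'], ENT_QUOTES, 'UTF-8') . "\n";

// For contrast, the tainted form yields the same string, but a reader of a
// later line has no cue that it came straight from the request.
var_dump(searchTainted($_GET) === $clean['search']); // bool(true) for this input
```

With the sample request both variants produce the same value; the point of the second form is that a later reader can see at a glance which variables went through validation.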
