At 6:37 AM -0700 10/20/08, Lamp Lists wrote:
> ----- Original Message ----
> From: tedd <tedd.sperling@xxxxxxxxx>
> To: Lamp Lists <lamp.lists@xxxxxxxxx>; php-general@xxxxxxxxxxxxx
> Sent: Monday, October 20, 2008 8:25:50 AM
> Subject: Re: what's the difference in the following code?
>
> > At 10:58 AM -0700 10/17/08, Lamp Lists wrote:
> > >I'm reading "Essential PHP Security" by Chris Shiflett.
> > >On the very beginning, page 5 & 6, if I got it correct, he said this
> > >is not good:
> >
> > NO, you did not get it correct.
>
> How is it so obvious? I can't see it either.
> -ll
Re-read those paragraphs.
He was not telling you that one way was better than the other. He WAS
saying that one way showed the tainted variable more obviously than the
other -- that's all.
I hate it when people take things out of context and misquote others.
Chris did not say that one way was better, or different, than the
other. But rather he used two sets of code to illustrate a point.
Again, re-read those paragraphs.
Cheers,
tedd
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
--
PHP General Mailing List (http://www.php.net/)