tedd wrote:
> At 6:37 AM -0700 10/20/08, Lamp Lists wrote:
>> ----- Original Message ----
>>
>> From: tedd <tedd.sperling@xxxxxxxxx>
>> To: Lamp Lists <lamp.lists@xxxxxxxxx>; php-general@xxxxxxxxxxxxx
>> Sent: Monday, October 20, 2008 8:25:50 AM
>> Subject: Re: what's the difference in the following code?
>>
>> At 10:58 AM -0700 10/17/08, Lamp Lists wrote:
>> >I'm reading "Essential PHP Security" by Chris Shiflett.
>> >
>> >on the very beginning, page 5 & 6, if I got it correct, he said this
>> >is not good:
>
> NO, you did not get it correct.
>
>
>> how it's so obvious? I can't see it either?
>>
>> -ll
>
>
> Re-read those paragraphs.
>
> He was not telling you that one way was better than the other. He WAS
> saying that one way showed the tainted variable more obvious than the
> other -- that's all.
>
> I hate it when people take things out of context and misquote others.
> Chris did not say that one way was better, or different, than the other.
> But rather he used two sets of code to illustrate a point.

seems to me the point being illustrated is not at all objective in its
premise. I find the ternary syntax easier to read/grok than the 3 liner.
in both cases you need to understand the 'if' context to see when the
variable is tainted. all that can be said is that one way is more obvious
than the other to *Chris*, which doesn't do anybody but Chris much good ...
obviously it's a rather silly point ... the useful parts of Chris' work
revolve around where he explains *how* to validate/cleanse the tainted
value ... extracting the goodness is a matter of evaluating and possibly
disregarding statements/information which are secondary and/or irrelevant.

>
> Again, re-read those paragraphs.
>
> Cheers,
>
> tedd
>

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php