RE: isset question

On Fri, 2009-06-19 at 12:36 +0100, Ford, Mike wrote:
> On 18 June 2009 20:25, LAMP advised:
> 
> > using !empty() instead of isset() will work if you don't care for PHP
> > Notice: Undefined variable... If you want to avoid PHP Notice you have
> > to use both:
> > 
> > $msg.=  (isset($_POST['mort']) and !empty($_POST['mort'])) ? "The
> > mortgage amount is  $mort\n" : " ";
> 
> Absolute rubbish -- as it says at http://php.net/empty, "empty($var) is
> the opposite of (boolean)$var, except that no warning is generated when
> the variable is not set." -- so "protecting" empty() with an isset() is
> a total waste of time, space and cpu cycles.
> 
> Cheers!
> 
> Mike
> 
>  --
> Mike Ford,  Electronic Information Developer,
> C507, Leeds Metropolitan University, Civic Quarter Campus, 
> Woodhouse Lane, LEEDS,  LS1 3HE,  United Kingdom
> Email: m.ford@xxxxxxxxxxxxxx
> Tel: +44 113 812 4730
> 
To be honest, you're still opening yourself up to attack that way. What
I'd do is first assign the variable to a forced int, and then use that
result if it is >0:

$mortgage = isset($_REQUEST['mort'])?intval($_REQUEST['mort']):0;

$msg .= ($mortgage > 0)?"The mortgage amount is $mortgage":"";

Thanks
Ash
www.ashleysheridan.co.uk


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
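
An added example, not code from any message in the thread: it runs empty(), the intval() approach from the reply above, and a stricter filter_var() check over constructed request arrays. The helper names and the sample values are assumptions made for illustration.

```php
<?php
// Added example. The arrays below are constructed stand-ins for $_REQUEST;
// mortgage_intval() and mortgage_strict() are hypothetical helper names.

// The approach from the reply: force to int, use the result only if > 0.
// intval() keeps leading digits and maps a non-empty array to 1.
function mortgage_intval(array $req): int
{
    return isset($req['mort']) ? intval($req['mort']) : 0;
}

// Stricter variant: the whole value must be a decimal integer >= 1.
function mortgage_strict(array $req): ?int
{
    if (!isset($req['mort']) || !is_string($req['mort'])) {
        return null; // missing, or an array sent as mort[]=...
    }
    $v = filter_var($req['mort'], FILTER_VALIDATE_INT,
                    ['options' => ['min_range' => 1]]);
    return $v === false ? null : $v;
}

// Constructed inputs covering the cases discussed in the thread and two
// edge cases (trailing junk, array parameter).
$samples = [
    'missing'        => [],
    'empty string'   => ['mort' => ''],
    'plain number'   => ['mort' => '250000'],
    'trailing junk'  => ['mort' => '250000<script>'],
    'negative'       => ['mort' => '-5'],
    'array (mort[])' => ['mort' => ['x']],
];

foreach ($samples as $label => $req) {
    // empty() on a missing key raises no notice, so no isset() guard here.
    printf("%-15s empty=%-5s intval=%-7d strict=%s\n",
        $label,
        var_export(empty($req['mort']), true),
        mortgage_intval($req),
        var_export(mortgage_strict($req), true));
}
```

The strict variant returns null for anything that is not entirely an integer, so the caller can reject the request instead of silently using a partial value.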