On Fri, Jun 19, 2009 at 07:52:40PM +0100, Ashley Sheridan wrote: > On Fri, 2009-06-19 at 12:36 +0100, Ford, Mike wrote: > > On 18 June 2009 20:25, LAMP advised: > > > > > using !empty() instead isset() will work if you don't care for PHP > > > Notice: Undefined variable... If you want to avoid PHP Notice > > > you have > > > to use both: > > > > > > $msg.= (isset($_POST['mort']) and !empty($_POST['mort'])) ? "The > > > mortgage amount is $mort\n" : " "; > > > > Absolute rubbish -- as it says at http://php.net/empty, "empty($var) is > > the opposite of (boolean)$var, except that no warning is generated when > > the variable is not set." -- so "protecting" empty() with an isset() is > > a total waste of time, space and cpu cycles. <snip> > > > To be honest, you're still opening yourself up to attack that way. Why and how? Paul -- Paul M. Foster -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
