On 19 June 2009 19:53, Ashley Sheridan advised:

> On Fri, 2009-06-19 at 12:36 +0100, Ford, Mike wrote:
>> On 18 June 2009 20:25, LAMP advised:
>>
>>> using !empty() instead of isset() will work if you don't care for PHP
>>> Notice: Undefined variable... If you want to avoid PHP Notice
>>> you have to use both:
>>>
>>> $msg.= (isset($_POST['mort']) and !empty($_POST['mort'])) ? "The mortgage amount is $mort\n" : " ";
>>
>> Absolute rubbish -- as it says at http://php.net/empty, "empty($var) is
>> the opposite of (boolean)$var, except that no warning is generated when
>> the variable is not set." -- so "protecting" empty() with an isset() is
>> a total waste of time, space and cpu cycles.
>>
>> Cheers!
>>
>> Mike
>>
>> --
>> Mike Ford, Electronic Information Developer,
>> C507, Leeds Metropolitan University, Civic Quarter Campus,
>> Woodhouse Lane, LEEDS, LS1 3HE, United Kingdom
>> Email: m.ford@xxxxxxxxxxxxxx
>> Tel: +44 113 812 4730
>>
>> To view the terms under which this email is distributed,
>> please go to http://disclaimer.leedsmet.ac.uk/email.htm
>>
> To be honest, you're still opening yourself up to attack that way. What
> I'd do is first assign the variable to a forced int, and then use that
> result if it is >0:
>
> $mortgage = isset($_REQUEST['mort']) ? intval($_REQUEST['mort']) : 0;
>
> $msg .= ($mortgage > 0) ? "The mortgage amount is $mortgage" : "";

Too true -- I have a parameter-checking system that does this automatically for me, so I tend not to think of it when writing actual processing code. My bad, probably, but good catch.

Cheers!

Mike
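
An added example, not code from any poster in this thread: it runs the forced-int cast discussed above over several request shapes and sets it beside a stricter check that rejects instead of coercing. The function names, the `filter_var()` variant and the sample requests are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example: function names and sample requests are constructed.

// The cast from the thread: coerce to int, caller keeps it only if > 0.
function mortgage_cast(array $request): int
{
    return isset($request['mort']) ? intval($request['mort']) : 0;
}

// Stricter variant (an assumption, not from the thread): accept only input
// that is entirely an integer >= 1 and reject everything else.
function mortgage_strict(array $request): ?int
{
    $value = filter_var(
        $request['mort'] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    return $value === false ? null : $value;
}

function build_msg(int $mortgage): string
{
    // Only the validated integer reaches the message, never the raw input.
    return $mortgage > 0 ? "The mortgage amount is $mortgage\n" : "";
}

// Constructed sample requests, shaped like $_REQUEST.
$samples = [
    'missing'       => [],
    'plain'         => ['mort' => '250000'],
    'zero string'   => ['mort' => '0'],              // empty('0') is true
    'trailing junk' => ['mort' => '250000<b>x</b>'], // intval() keeps the leading digits
    'array param'   => ['mort' => ['x']],            // ?mort[]=x; intval() of a non-empty array is 1
    'negative'      => ['mort' => '-5'],
];

foreach ($samples as $label => $request) {
    $cast   = mortgage_cast($request);
    $strict = mortgage_strict($request);
    printf(
        "%-14s cast=%-7d strict=%-9s msg=%s\n",
        $label, $cast, $strict ?? 'rejected', json_encode(build_msg($cast))
    );
}
```

The cast keeps markup out of the message in every case, but it silently accepts the trailing-junk and array inputs as 250000 and 1, while the strict check reports them as invalid.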