On Tue, April 10, 2012 1:27 pm, Stas Malyshev wrote:
> Hi!
>
>> Scroll down a bit; he gets into valid points about the == operator,
>> for instance. It's not a useless post. He does cite too many things
>> that he has to follow up himself by saying "this was fixed in PHP
>> 5.x.y." If it was fixed, why is it on your laundry list still?
>
> What exactly valid points? == is a converting operator, === is a
> strict
> operator. OK, in his favorite language it is not. Where exactly the
> valid point is? Author goes at great lengths to refuse to make even a
> slight mental effort to understand how it works (really, it's not that
> hard) and then complains it's "useless". Well, a lot of things would
> be
> useless if you don't want to know how to use them.
He has a few valid points in the part I read before I got bored...
$a = "123ABF453..."; //a password
$b = "123DFEABC..."; //another one
if ($a == $b){
//you're in.
}
Yes, one should have validated the input...
But you don't have to be THAT naive to think that the hashed value of
an SQL injection attack just isn't going to work, so it's "safe"...
I'll bet I have some of these in my (recent) code, for that matter.
On the other hand, if you accept type juggling, you have to expect the
other cases he has for == being a bit strange.
--
brain cancer update:
http://richardlynch.blogspot.com/search/label/brain%20tumor
Donate:
https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=FS9NLTNEEKWBE
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
