On Sun, May 6, 2012 at 12:17 AM, Richard Lynch <c...@l-i-e.com> wrote:
>> What exactly valid points? == is a converting operator, === is a strict
>> operator. OK, in his favorite language it is not. Where exactly the
>> valid point is? Author goes at great lengths to refuse to make even a
>> slight mental effort to understand how it works (really, it's not that
>> hard) and then complains it's "useless". Well, a lot of things would be
>> useless if you don't want to know how to use them.
>
> He has a few valid points in the part I read before I got bored...
>
> $a = "123ABF453..."; //a password
> $b = "123DFEABC..."; //another one
> if ($a == $b){
>   //you're in.
> }
>
> Yes, one should have validated the input...
>
> But you don't have to be THAT naive to think that the hashed value of
> an SQL injection attack just isn't going to work, so it's "safe"...
>
> I'll bet I have some of these in my (recent) code, for that matter.
>
> On the other hand, if you accept type juggling, you have to expect the
> other cases he has for == being a bit strange.

Validated or not, why would type juggling even come into the picture
if both variables are of the same type?

123 == "123abc" // sure, why not
"61529519452809720693702583126814" == "61529519452809720000000000000000" // WAT?!

In the above, only the first ~50% of an md5 hash has to be correct.
This gets even worse for SHA256 hashes.

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
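
The comparison discussed in this message, as an added PHP example that is not part of the original thread: it prints what `==` and `===` return for the two digit-only strings quoted above and shows a digest check that never performs numeric-string conversion. `digest_matches()` is a hypothetical helper name, and the integer input at the end is constructed.

```php
<?php
// Added example, not code from the thread. digest_matches() is a
// hypothetical helper; the two digit strings are the ones quoted above.

/**
 * Compare a stored hex digest with a supplied one byte for byte.
 * Anything that is not a hex string of the expected length is rejected,
 * so integers or floats (for example decoded from JSON) never reach a
 * comparison operator.
 */
function digest_matches($known, $supplied, $hexLength = 32)
{
    foreach (array($known, $supplied) as $digest) {
        if (!is_string($digest)
            || strlen($digest) !== $hexLength
            || !ctype_xdigit($digest)) {
            return false;
        }
    }
    // hash_equals() (PHP 5.6+) compares the bytes in constant time. On
    // older interpreters === still avoids the numeric conversion of ==.
    return function_exists('hash_equals')
        ? hash_equals($known, $supplied)
        : $known === $supplied;
}

$stored   = "61529519452809720693702583126814";
$supplied = "61529519452809720000000000000000";

// Loose comparison: both operands are numeric strings, so PHP may
// compare them as numbers. The message above reports this as equal.
echo "loose ==        : "; var_dump($stored == $supplied);

// Strict comparison looks at type and bytes only.
echo "strict ===      : "; var_dump($stored === $supplied);

// The helper on the same pair, then on an identical pair.
echo "helper, differ  : "; var_dump(digest_matches($stored, $supplied));
echo "helper, same    : "; var_dump(digest_matches($stored, $stored));

// Constructed input: an integer where a digest string is expected.
echo "helper, integer : "; var_dump(digest_matches($stored, 61529519452809720));
```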