Re: [PHP-DEV] Security Issues - a bit of my experience

[Zeev Suraski]

At 01:22 30/07/2001, Phil Driscoll wrote:
>I agree - to my mind empty is broken in this respect and also in the respect
>that it returns true for a string containing '0'. Consequently I (and I
>assume everyone else, unless I'm missing some occasion that this behaviour is
>useful) can never use empty in my code.
>
>Zeev was recently saying that he believed empty() was not as popular as
>isset() - and I suspect this is the reason.

My guess is that empty() came into the language at a much later stage.


>I think that empty() (for scalars) really should behave thus:
>
>function empty($var)
>{
>  return !(isset($Var) && strcmp($var,''));
>}
>
>as this is what needs to be done over and over again to validate form input.
>Maybe people really do use empty, so changing the behaviour will break loads
>of code. In which case an extra parameter $Useful, could be set to true to
>give useful behaviour :)

I don't think we can change the behavior of empty() at this stage...

Zeev


-- 
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]