On Thu, 2004-01-22 at 00:52, Martin Towell wrote:
> > [EMAIL PROTECTED] wrote:
> > >>Ok, I found something very interesting: I have a session var set up
> > >>to check for a groupID, which is an integer.
> > >>
> > >>if ($_SESSION['groupID']==1) {
> > >>
> > >>This was working. Then when I changed it to
> > >>
> > >>if ($_SESSION['groupID']===1) {
> > >>
> > >>per recommendation, it does not now! I was going through my code and
> > >>changing things, now I fear it may all break?
> > >>
> > > 
> > > 
> > > I changed it to if ($_SESSION['groupID']==='1') { and it worked. Why
> > > was that? Is what I did before bad practice?
> > > 
> > 
> > I think $_SESSION['groupID'] here is considered a string, which is going
> > to evaluate to 0 (zero) in comparisons.  Hence 0 === 1 will return
> > false.  However, when you enclose the 1 in quotes, it becomes a string
> > too for comparison, and will evaluate to 0.  Someone correct me if I am
> > mistaken.
> 
> I think the first bit of what you're saying is right, but when '1' is used,
> then a string comparison between '0' === '1' is done since both are now
> strings (or am I mistaken?).

You are wrong :) His test for $_SESSION['groupID']==1 succeeds because
someone probably set the session value of 'groupID' to the string '1'.
Now that he is doing a comparison which includes type (===) it fails
because a string is not equal to an integer. This is why it succeeds
when he changes the test to '1'. What he had before
$_SESSION['groupID']==1 is perfectly fine as long as the group id is not
meant to be a string. For instance '1abcd' == 1, evaluates to true :)
But chances are the app only accepts numerical groupIDs and so the loose
check would be safe.

HTH,
Rob.
-- 
.------------------------------------------------------------.
| InterJinn Application Framework - http://www.interjinn.com |
:------------------------------------------------------------:
| An application and templating framework for PHP. Boasting  |
| a powerful, scalable system for accessing system services  |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for       |
| creating re-usable components quickly and easily.          |
`------------------------------------------------------------'

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
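
The behaviour discussed in this thread, as an added example that is not code from any poster: a session value stored as a string passes `== 1` but fails `=== 1`, and normalizing the value to an int before a strict check removes the ambiguity. `normalizeGroupId()` and `isAdminGroup()` are hypothetical helper names, and the sample values are constructed.

```php
<?php
// Added example; helper names are hypothetical, sample values are constructed.

/**
 * Accept only an int or a short all-digit string and return it as an int.
 * Anything else ('1abcd', true, 1.0, null, '') yields null.
 */
function normalizeGroupId($raw): ?int
{
    if (is_int($raw)) {
        return $raw;
    }
    // ctype_digit() rejects '', signs, whitespace and trailing garbage;
    // the length bound keeps the cast well inside the integer range.
    if (is_string($raw) && ctype_digit($raw) && strlen($raw) <= 9) {
        return (int) $raw;
    }
    return null;
}

/** Authorization check: normalize once, then compare type and value. */
function isAdminGroup(array $session): bool
{
    return normalizeGroupId($session['groupID'] ?? null) === 1;
}

// Constructed values that might end up in $_SESSION['groupID'].
// Note: '1abcd' == 1 is true before PHP 8.0 and false from PHP 8.0 on,
// so the loose column for that row depends on the interpreter version.
$samples = ['1', 1, '1abcd', true, 1.0, null];

foreach ($samples as $value) {
    printf(
        "%-8s  ==1: %-5s  ===1: %-5s  normalized: %s\n",
        var_export($value, true),
        var_export($value == 1, true),
        var_export($value === 1, true),
        var_export(isAdminGroup(['groupID' => $value]), true)
    );
}
```

Only `'1'` and `1` pass the normalized check; `true` and `1.0` pass the loose comparison but are rejected here.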
