Re: [PHP] Re: what's the difference in the following code?
On Sun, Oct 19, 2008 at 11:12 PM, Robert Cummings <[EMAIL PROTECTED]> wrote:
> On Sun, 2008-10-19 at 23:02 -0400, Andrew Ballard wrote:
>> On Sat, Oct 18, 2008 at 2:34 PM, Robert Cummings <[EMAIL PROTECTED]> wrote:
>> >
>> > On Sat, 2008-10-18 at 08:44 -0700, Yeti wrote:
>> > > I would understand it if it was like this ..
>> > >
>> > > > > > $search = isset($_GET['search']) ? $_GET['search'] : '';
>> > > # versus
>> > > if (isset($_GET['search'])) { $search = $_GET['search']; }
>> > > ?>
>> > >
>> > > In the first statement $search would either be set to $_GET['search']
>> > > or an empty string, whereas in the second statement $search would only
>> > > be set, if there is a $_GET['search']
>> >
>> > Wrong. They are equivalent. The second is probably just easier to follow
>> > with a clearly defined default value outside the conditional block.
>> >
>> > Cheers,
>> > Rob.
>>
>> No, they are not. In the first statement, $search is the value of
>> $_GET['search'] if the key exists, or an empty string if it does not.
>> In the second statement, $search is the value of $_GET['search'] if
>> the key exists or retains its original value if the key does not
>> exist.
>
> Yes, I didn't realize Yeti had changed the OP's code which convoluted
> the issue since his version wasn't what I was responding to and I didn't
> realize he dropped a line from the OP's code.
>
> Cheers,
> Rob.
Yup. :-) Those are the ones that get you. Especially when it happens
in actual code and not just a mailing list post.
Andrew
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: what's the difference in the following code?
On Sun, 2008-10-19 at 23:02 -0400, Andrew Ballard wrote:
> On Sat, Oct 18, 2008 at 2:34 PM, Robert Cummings <[EMAIL PROTECTED]> wrote:
> >
> > On Sat, 2008-10-18 at 08:44 -0700, Yeti wrote:
> > > I would understand it if it was like this ..
> > >
> > > > > $search = isset($_GET['search']) ? $_GET['search'] : '';
> > > # versus
> > > if (isset($_GET['search'])) { $search = $_GET['search']; }
> > > ?>
> > >
> > > In the first statement $search would either be set to $_GET['search']
> > > or an empty string, whereas in the second statement $search would only
> > > be set, if there is a $_GET['search']
> >
> > Wrong. They are equivalent. The second is probably just easier to follow
> > with a clearly defined default value outside the conditional block.
> >
> > Cheers,
> > Rob.
>
> No, they are not. In the first statement, $search is the value of
> $_GET['search'] if the key exists, or an empty string if it does not.
> In the second statement, $search is the value of $_GET['search'] if
> the key exists or retains its original value if the key does not
> exist.
Yes, I didn't realize Yeti had changed the OP's code which convoluted
the issue since his version wasn't what I was responding to and I didn't
realize he dropped a line from the OP's code.
Cheers,
Rob.
--
http://www.interjinn.com
Application and Templating Framework for PHP
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: what's the difference in the following code?
On Sat, Oct 18, 2008 at 2:34 PM, Robert Cummings <[EMAIL PROTECTED]> wrote:
>
> On Sat, 2008-10-18 at 08:44 -0700, Yeti wrote:
> > I would understand it if it was like this ..
> >
> > > $search = isset($_GET['search']) ? $_GET['search'] : '';
> > # versus
> > if (isset($_GET['search'])) { $search = $_GET['search']; }
> > ?>
> >
> > In the first statement $search would either be set to $_GET['search']
> > or an empty string, whereas in the second statement $search would only
> > be set, if there is a $_GET['search']
>
> Wrong. They are equivalent. The second is probably just easier to follow
> with a clearly defined default value outside the conditional block.
>
> Cheers,
> Rob.
No, they are not. In the first statement, $search is the value of
$_GET['search'] if the key exists, or an empty string if it does not.
In the second statement, $search is the value of $_GET['search'] if
the key exists or retains its original value if the key does not
exist.
Andrew
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: what's the difference in the following code?
> Wrong. They are equivalent. The second is probably just easier to follow > with a clearly defined default value outside the conditional block. Well, leaving out the default value at the 2nd if statement makes a difference and that's what I did. Here is the code I changed again .. Set to $_GET['search'] or an empty string Only set if there is a $_GET['search'] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: what's the difference in the following code?
On Sat, 2008-10-18 at 08:44 -0700, Yeti wrote:
> I would understand it if it was like this ..
>
> $search = isset($_GET['search']) ? $_GET['search'] : '';
> # versus
> if (isset($_GET['search'])) { $search = $_GET['search']; }
> ?>
>
> In the first statement $search would either be set to $_GET['search']
> or an empty string, whereas in the second statement $search would only
> be set, if there is a $_GET['search']
Wrong. They are equivalent. The second is probably just easier to follow
with a clearly defined default value outside the conditional block.
Cheers,
Rob.
--
http://www.interjinn.com
Application and Templating Framework for PHP
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: what's the difference in the following code?
I would understand it if it was like this .. In the first statement $search would either be set to $_GET['search'] or an empty string, whereas in the second statement $search would only be set, if there is a $_GET['search'] //A yeti -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: what's the difference in the following code?
Hi,
why say Chris Shiflett that this is not good: because security problems
or because you cannot see very good what the code do?.
Regards
Carlos
Lamp Lists schrieb:
I'm reading "Essential PHP Security" by Chris Shiflett.
on the very beginning, page 5 & 6, if I got it correct, he said this is not
good:
$search = isset($_GET['search']) ? $_GET['search'] : '';
and this is good:
$search = '';
if (isset($_GET['search']))
{
$search = $_GET['search'];
}
what's the difference? I really can't see?
to me is more the way you like to write your code (and I like the top one :-) )?
thanks.
-ll
__
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
