On 5/18/07, Cliff Hirsch <[EMAIL PROTECTED]> wrote:
REFUND!!! The book goes back!
Damn, no points for honesty in this town.
Here's the condition that caught me: $whitelist = (0,1); in_array($_POST['input'], $whitelist);
Oh yeah, that'll get ya. Same as if ( $_POST['input'] == TRUE )... lots of funny stories about that one. I guess the rule of thumb is that you should always be validating against strings, since that's what you get in the request. Then if you specifically need the value to be bool, int, or float, cast it as such post-validation. Thanks for illustrating! -- Chris Snyder http://chxo.com/ _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php
