On 5/18/07 4:46 PM, "csnyder" <[EMAIL PROTECTED]> wrote:

> On 5/18/07, Cliff Hirsch <[EMAIL PROTECTED]> wrote:
> 
>>  REFUND!!! The book goes back!
> 
> Damn, no points for honesty in this town.
> 
> 
>>  Here's the condition that caught me:
>> 
>>  $whitelist = array(0, 1);
>> 
>>  in_array($_POST['input'], $whitelist);
> 
> 
> Oh yeah, that'll get ya. Same as if ( $_POST['input'] == TRUE )...
> lots of funny stories about that one.
> 
> I guess the rule of thumb is that you should always be validating
> against strings, since that's what you get in the request. Then if you
> specifically need the value to be bool, int, or float, cast it as such
> post-validation.
> 
> Thanks for illustrating!

Best regards,
Cliff Hirsch, President
______________________________
Pinestream Communications, Inc.
Publisher of Semiconductor Times & Telecom Trends
52 Pine Street, Weston, MA 02493 USA
Tel: 781.647.8800, Fax: 781.647.8825
http://www.pinestream.com
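
The rule of thumb quoted above (validate against strings, cast afterwards), set beside the loose `in_array()` check from the thread. This is an added example, not code from the original messages; `loose_check()` and `validate_flag()` are hypothetical helper names and the sample inputs are constructed.

```php
<?php
// Loose check, as in the quoted snippet: without a third argument,
// in_array() compares with ==, so PHP type juggling applies.
function loose_check($input)
{
    return in_array($input, array(0, 1));
}

// Rule of thumb from the thread: the whitelist holds strings, the
// comparison is strict (third argument true), and the cast to int
// happens only after validation has passed.
function validate_flag($input)
{
    $whitelist = array('0', '1');
    // A request parameter can also arrive as an array (input[]=...),
    // so anything that is not a string is rejected up front.
    if (!is_string($input) || !in_array($input, $whitelist, true)) {
        return null; // rejected
    }
    return (int) $input;
}

// Constructed sample request values. The numeric-looking strings
// ('01', '1.0', ' 1', '1e0') equal 1 under ==. On PHP versions
// before 8, non-numeric strings such as 'abc' and '' also equal 0
// under ==, so they pass the loose check there as well.
$samples = array('1', '0', '01', '1.0', ' 1', '1e0', 'abc', '');

foreach ($samples as $s) {
    printf(
        "%-6s loose=%-5s strict=%s\n",
        var_export($s, true),
        var_export(loose_check($s), true),
        var_export(validate_flag($s), true)
    );
}
```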


_______________________________________________
New York PHP Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk
