On Fri, December 15, 2006 5:43 pm, Ilia Alshanetsky wrote:
> Consider E_NOTICE, it is a superb tool for finding out things like
> undeclared variables (which often cause all manner of exploits), and
> yet most developers keep it off because it gets in the way, even though
> it has 0 false positives.

First, a nitpick: pg_fetch_row() for a long time gave a false positive (imho) about seeking past the end of the result set. To this day I type @pg_fetch_row() as a matter of course, even though I think this maybe got fixed... :-)

REAL CONTENT:

I think that "taint" might be useful to some developers.

Perhaps it would be best to review the proposed changes for performance effects, and see how much difference it really makes to add a bit-flag to every zval, and what other effects taint has with it turned OFF.

The penalties for turning it ON in performance are a non-issue, I should think.

If Wietse has a working prototype patch to do it, shouldn't we (an editorial we, there) at least give it a test spin?

--
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some starving artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php