first rule of programming: sanitize user input
if you EXPECT no array, catch it

On 02.06.2011 16:54, Marcel Esser wrote:
> You don't need a form to receive bad user input.
>
> Also, I am not really inclined to write $v = isset($_POST['x']) ?
> (is_array($_POST['x']) ? 'something else that
> makes more sense' : $_POST['x'] ) : null; just to avoid catching a fatal.
>
> On 6/2/2011 10:50 AM, Reindl Harald wrote:
>>
>> On 02.06.2011 16:24, Marcel Esser wrote:
>>> I am not convinced that making this an error is a good idea.
>>>
>>> If I receive a $_GET/$_POST value that I expect to be a string value, but I
>>> actually received an array, this would
>>> mean I need to now explicitly check for it, since it will stop the runtime
>>> otherwise.
>> so fix your code jesus christ
>> what do you do if you expect a string and get an array?
>> nothing useful!
>>
>> you can get this only by define name="multi[]" in a form
>> and so if you define there post an array you should not
>> expect a string in the code, this is exactly a sample where
>> a fatal error should be thrown to force people not writing
>> crappy code which floods my error-logs if anybody out there
>> means to put a self-written script on our servers with
>> E_ALL | E_STRICT which are running in this mode since years
>>
>> would this be an error the blind developers would see them
>> even on their development-machines
>>
>

--
With best regards, Reindl Harald
the lounge interactive design GmbH
A-1060 Vienna, Hofmühlgasse 17
CTO / software-development / cms-solutions
p: +43 (1) 595 3999 33, m: +43 (676) 40 221 40
icq: 154546673, http://www.thelounge.net/

http://www.thelounge.net/signature.asc.what.htm
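
An added example, not part of the thread: one way to do the type check under discussion once, at the input boundary, instead of repeating the nested ternary at every call site. The helper name `request_string` and the sample query string are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (not from the thread and not a PHP built-in).
 * Returns the parameter as a string, $default when it is absent, and throws
 * when the client sent an array (for example x[]=1) where a scalar was expected.
 */
function request_string(array $source, string $key, ?string $default = null): ?string
{
    if (!array_key_exists($key, $source)) {
        return $default;
    }
    $value = $source[$key];
    if (!is_string($value)) {
        // Request values are strings or (nested) arrays; reject anything else here.
        throw new InvalidArgumentException(
            sprintf('Parameter "%s" must be a string, %s given', $key, gettype($value))
        );
    }
    return $value;
}

// Constructed sample input, shaped the way PHP fills $_POST:
// the "tags[]" keys become an array without any HTML form being involved.
parse_str('name=alice&tags[]=a&tags[]=b', $post);

var_dump(request_string($post, 'name'));    // parameter present as a string
var_dump(request_string($post, 'missing')); // parameter absent, default returned

try {
    request_string($post, 'tags');          // array where a string is expected
} catch (InvalidArgumentException $e) {
    // Single place to log and answer with HTTP 400, rather than a notice
    // or fatal error surfacing later inside string-handling code.
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```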