I agree entirely.
Let me go ahead and fix these three billion man hours worth of code in
use throughout the world. I'll be back shortly.
- M.
On 6/2/2011 11:19 AM, Reindl Harald wrote:
first rule of programming: sanitize user input
if you EXPECT no array catch it
Am 02.06.2011 16:54, schrieb Marcel Esser:
You don't need a form to receive bad user input.
Also, I am not really inclined to write $v = isset($_POST['x']) ? (is_array($_POST['x']) ? 'something else that makes more sense' : $_POST['x'] ) : null; just to avoid catching a fatal.
On 6/2/2011 10:50 AM, Reindl Harald wrote:
Am 02.06.2011 16:24, schrieb Marcel Esser:
I am not convinced that making this an error is a good idea.
If I receive a $_GET/$_POST value that I expect to be a string value, but I
actually received an array, this would mean I need to now explicitly check
for it, since it will stop the runtime otherwise.
so fix your code jesus christ
what do you do if you expect a string and get an array?
nothing useful!
you can get this only by define name="multi[]" in a form
and so if you define there post an array you should not
expect a string in the code, this is exactly a sample where
a fatal error should be thrown to force people not writing
crappy code which floods my error-logs if anybody out there
means to put a self-written script on our servers with
E_ALL | E_STRICT which are running in this mode since years
would this be an error the blind developers would see them
even on their development-machines
--
PHP Internals - PHP Runtime Development Mailing List
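An added example, not part of the thread: the string-or-array check discussed above, written once as a helper instead of inline at every $_POST access. The function name request_string and the sample inputs are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (not a PHP built-in): return the request value for $key
 * only when it is a string; a missing key or an array yields $default.
 */
function request_string(array $source, string $key, ?string $default = null): ?string
{
    // A parameter sent as x[]=1 (or name="x[]" in a form) makes PHP build an
    // array under $source['x'], whether or not the site's own forms declare
    // such a field, so the type has to be checked on the receiving side.
    if (!isset($source[$key]) || !is_string($source[$key])) {
        return $default;
    }
    return $source[$key];
}

// Constructed sample inputs standing in for $_POST.
$samples = [
    'expected string' => ['x' => 'hello'],
    'array injected'  => ['x' => ['a', 'b']],
    'nested array'    => ['x' => ['k' => ['deep']]],
    'key missing'     => [],
];

foreach ($samples as $label => $post) {
    $v = request_string($post, 'x');
    // Only the first sample yields a string; the others fall back to NULL,
    // so no array ever reaches code that treats the value as a string.
    printf("%-16s => %s\n", $label, var_export($v, true));
}
```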