On 9/8/06, Robert Cummings <[EMAIL PROTECTED]> wrote:
On Fri, 2006-09-08 at 15:30 -0600, Jeremy Privett wrote:
> Well, it could be this, too:
>
> switch( $_REQUEST['id'] ) {
> case "white":
> echo "Right color.";
> break;
>
> case "black":
> echo "Rig
At 12:29 PM -0400 9/9/06, Robert Cummings wrote:
On Sat, 2006-09-09 at 12:12 -0400, Mark Charette wrote:
As a senior member of the software QC department in a major industrial
company, I generally find more errors and omissions in validation
routines during code reviews and ethical hacks tha
On Sat, 2006-09-09 at 17:27 +0100, Stut wrote:
> Mark Charette wrote:
> > And I'll wager a brew no one here has ever done a formal, mathematically
> > rigorous proof of a validation routine except as a class project. As a
> > senior member of the software QC department in a major industrial
> >
On Sat, 2006-09-09 at 12:12 -0400, Mark Charette wrote:
>
> As a senior member of the software QC department in a major industrial
> company, I generally find more errors and omissions in validation
> routines during code reviews and ethical hacks than anywhere else.
http://en.wikipedia.org/wiki
Mark Charette wrote:
And I'll wager a brew no one here has ever done a formal, mathematically
rigorous proof of a validation routine except as a class project. As a
senior member of the software QC department in a major industrial
company, I generally find more errors and omissions in validatio
Robert Cummings wrote:
On Sat, 2006-09-09 at 11:30 -0400, Mark Charette wrote:
Stut wrote:
Mark Charette wrote:
However, looking at it from a 'knowing early the data is tainted'
perspective, not from a 'validating and cleaning perspective', if you
have coded that (for instance)
On Sat, 2006-09-09 at 11:30 -0400, Mark Charette wrote:
> Stut wrote:
> > Mark Charette wrote:
> >> However, looking at it from a 'knowing early the data is tainted'
> >> perspective, not from a 'validating and cleaning perspective', if you
> >> have coded that (for instance) a variable is set vi
Stut wrote:
Mark Charette wrote:
However, looking at it from a 'knowing early the data is tainted'
perspective, not from a 'validating and cleaning perspective', if you
have coded that (for instance) a variable is set via COOKIE, then
only looking for that variable set via COOKIE will eliminat
On Sat, 2006-09-09 at 10:21 -0400, Mark Charette wrote:
> Robert Cummings wrote:
> > On Fri, 2006-09-08 at 18:38 -0400, tedd wrote:
> >
> >> At 5:03 PM -0400 9/8/06, JD wrote:
> >>
> >> In all of the answers given thus far, no one mentioned that the use
> >> of $_REQUEST has a security iss
Mark Charette wrote:
However, looking at it from a 'knowing early the data is tainted'
perspective, not from a 'validating and cleaning perspective', if you
have coded that (for instance) a variable is set via COOKIE, then only
looking for that variable set via COOKIE will eliminate its being
Robert Cummings wrote:
On Fri, 2006-09-08 at 18:38 -0400, tedd wrote:
At 5:03 PM -0400 9/8/06, JD wrote:
In all of the answers given thus far, no one mentioned that the use
of $_REQUEST has a security issue with regard to where the $_REQUEST
originated.
$_REQUEST is an array consisti
side down.
Satyam
- Original Message -
From: "Kevin Murphy" <[EMAIL PROTECTED]>
To: "php"
Cc: "JD" <[EMAIL PROTECTED]>
Sent: Friday, September 08, 2006 11:25 PM
Subject: Re: [PHP] if statement with or comparison (newbie)
Shouldn't that be
On Fri, 2006-09-08 at 18:38 -0400, tedd wrote:
> At 5:03 PM -0400 9/8/06, JD wrote:
> >I'm trying to set up a simple conditional, something like this:
> >
> >Here is what I have tried:
> >
> > if ($_REQUEST['id'] != ("black" or "white")) {
>
>
> In all of the answers given thus far, no one me
At 5:03 PM -0400 9/8/06, JD wrote:
I'm trying to set up a simple conditional, something like this:
Here is what I have tried:
if ($_REQUEST['id'] != ("black" or "white")) {
In all of the answers given thus far, no one mentioned that the use
of $_REQUEST has a security issue with regard
On Fri, 2006-09-08 at 15:30 -0600, Jeremy Privett wrote:
> Well, it could be this, too:
>
> switch( $_REQUEST['id'] ) {
> case "white":
> echo "Right color.";
> break;
>
> case "black":
> echo "Right color.";
> break;
>
> default:
>
At 05:30 PM 9/8/2006, you wrote:
- Original Message - From: "JD" <[EMAIL PROTECTED]>
To:
Sent: Friday, September 08, 2006 11:03 PM
Subject: [PHP] if statement with or comparison (newbie)
I'm trying to set up a simple conditional, something like this:
If my_var
- Original Message -
From: "JD" <[EMAIL PROTECTED]>
To:
Sent: Friday, September 08, 2006 11:03 PM
Subject: [PHP] if statement with or comparison (newbie)
I'm trying to set up a simple conditional, something like this:
If my_variable is NOT equal to (black or
ED]
Sent: Friday, September 08, 2006 3:26 PM
To: php
Cc: JD
Subject: Re: [PHP] if statement with or comparison (newbie)
Shouldn't that be this instead:
if (($_REQUEST['id'] != "black") OR ($_REQUEST['id'] !=
"white")) {
echo "w
I think the OR should be an AND ...
If $_REQUEST['id'] = "black" then the second test will be true and it
will output "wrong color." If the color is "white" then the same thing
will happen 'cause it meets the first criteria.
-- Mitch
Kevin Murphy wrote:
Shouldn't that be this instead:
'id'] != "black" AND $_REQUEST['id'] != "white") {
echo "wrong color";
} else (
echo "right color";
}
- Original Message -
From: "JD" <[EMAIL PROTECTED]>
To:
Sent: Friday, September 08
";
} else (
echo "right color";
}
- Original Message -
From: "JD" <[EMAIL PROTECTED]>
To:
Sent: Friday, September 08, 2006 5:03 PM
Subject: [PHP] if statement with or comparison (newbie)
> I'm trying to set up a simple conditional, something l
I'm trying to set up a simple conditional, something like this:
If my_variable is NOT equal to (black or white)
echo "wrong color"
else
echo "right color"
Here is what I have tried:
if ($_REQUEST['id'] != ("black" or "white")) {
echo "wrong color";
} else (
echo
22 matches
Mail list logo
