|
Posted by "bruce" on 09/22/05 02:56
followup...
for the short term, i'm going to rip apart a few of the open source web apps
that have received funding, to get a feel for what/how these apps have
decided to handle their security issues...
the assumption/hope is that these guys have put $$$ into doing a serious
security audit on the code that they've created...
thanks
-burce
-----Original Message-----
From: Robert Cummings [mailto:robert@interjinn.com]
Sent: Wednesday, September 21, 2005 4:44 PM
To: Chris Shiflett
Cc: Mikey; 'PHP Mailing Lists'
Subject: Re: [PHP] security/sql issues with php
On Wed, 2005-09-21 at 19:21, Chris Shiflett wrote:
> Mikey wrote:
> > I have found that adding 0 and then running is_int() usually works.
>
> You mean always works. :-) Casting something to an integer and then
> checking to see if it's an integer doesn't tell you anything useful:
>
> <?php
>
> $int = 'this is not an int';
> $int += 0;
>
> if (is_int($int))
> {
> echo '$int is an integer';
> }
>
> ?>
>
> You're always going to see "$int is an integer" on the screen, even when
> $int is clearly not. As I mentioned, ctype_digit() fits the bill nicely:
Not if it's a float.
<?php
$int = '2.333';
$int += 0;
if (is_int($int))
{
echo '$int is an integer';
}
else
{
echo '$int is probably a float :)';
}
?>
Cheers,
Rob.
--
..------------------------------------------------------------.
| InterJinn Application Framework - http://www.interjinn.com |
:------------------------------------------------------------:
| An application and templating framework for PHP. Boasting |
| a powerful, scalable system for accessing system services |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for |
| creating re-usable components quickly and easily. |
`------------------------------------------------------------'
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Navigation:
[Reply to this message]
|