|
|
Posted by Steve Chapel on 03/17/06 17:39
Jerry Stuckle wrote:
> pieter_hordijk@hotmail.com wrote:
>> Why are you using three equal signs?
>>
>> The following is enough:
>> if(($_POST['username'] == 'steven') && ($_POST['password'] ==
>> 'crocker'))
>>
>
> Three equal signs checks to ensure they are both the same type and the
> same value.
>
> Otherwise you can have the potential problem of the user entering a zero
> for username and password. PHP could then try to compare as integers
> instead of strings - and convert 'steven' and 'crocker' to zero. The
> comparison would then be true.
But because $_POST["username"] is a string, and 'steven' is a string, a
string comparison will be done with ==, and the problem you mention with
a numeric comparison won't happen, right? I just tried some PHP code
with a simple variable ($str) in place of $_POST["username"] set to "0",
and a string comparison is done.
Navigation:
[Reply to this message]
|