Posted by Shelly on 03/19/06 23:25
"Jerry Stuckle" <jstucklex@attglobal.net> wrote in message
news:tfGdnWvTPJxom4bZRVn-qg@comcast.com...
> Steve Chapel wrote:
>> Jerry Stuckle wrote:
>>
>>> pieter_hordijk@hotmail.com wrote:
>>>
>>>> Why are you using three equal signs?
>>>>
>>>> The following is enough:
>>>> if(($_POST['username'] == 'steven') && ($_POST['password'] ==
>>>> 'crocker'))
>>>>
>>>
>>> Three equal signs checks to ensure they are both the same type and the
>>> same value.
>>>
>>> Otherwise you can have the potential problem of the user entering a zero
>>> for username and password. PHP could then try to compare as integers
>>> instead of strings - and convert 'steven' and 'crocker' to zero. The
>>> comparison would then be true.
>>
>>
>> But because $_POST["username"] is a string, and 'steven' is a string, a
>> string comparison will be done with ==, and the problem you mention with
>> a numeric comparison won't happen, right? I just tried some PHP code with
>> a simple variable ($str) in place of $_POST["username"] set to "0", and a
>> string comparison is done.
>
> Steve,
>
> In this particular example, that's true - it will compare OK, at current
> versions of PHP. But it's still a good habit to get into.

Maybe it is the "C" (and Java) in me, but I always compare with

    if (!strcmp(first, second))

or strcasecmp. That way I am always sure I am comparing the contents of
strings. (Am I wasting my effort?)

Shelly
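
The comparison styles discussed in this thread (`==`, `===` and `strcmp`), run side by side with a type-checked, timing-safe check, as an added example that is not part of any poster's message. The function name `field_matches`, the sample pairs and the `$post` array are constructed for illustration, and PHP 7.1 or later is assumed.

```php
<?php
// Added example; not code from the thread. Names and sample data are constructed.

/**
 * Compare one submitted form value with the expected value.
 * A request field is not guaranteed to be a string (PHP turns a field
 * named password[] into an array), so the type is checked first.
 * hash_equals() then compares the bytes without any numeric conversion
 * and without leaking the position of the first difference through timing.
 */
function field_matches($submitted, string $expected): bool
{
    if (!is_string($submitted)) {
        return false;
    }
    return hash_equals($expected, $submitted);
}

// Constructed pairs. The first three are different strings that both look
// numeric; == compares such operands as numbers, the other checks as strings.
$pairs = [
    ['10',     '1e1'],
    ['100',    '1e2'],
    ['0',      '0.0'],
    ['steven', 'steven'],
    ['steven', 'Steven'],
];

foreach ($pairs as [$expected, $submitted]) {
    printf(
        "%-9s %-9s ==:%-5s ===:%-5s strcmp:%-5s field_matches:%s\n",
        var_export($expected, true),
        var_export($submitted, true),
        var_export($expected == $submitted, true),
        var_export($expected === $submitted, true),
        var_export(strcmp($expected, $submitted) === 0, true),
        var_export(field_matches($submitted, $expected), true)
    );
}

// Constructed request data in which one field arrived as an array.
$post = ['username' => 'steven', 'password' => ['x']];
var_dump(
    field_matches($post['username'], 'steven')
    && field_matches($post['password'], 'crocker')
);
```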