|
|
Posted by Martin Jay on 09/28/61 11:47
In message <qO79g.723$n14.576@fe03.lga>, robert
<ab@no.spam-alama-ding-dong> writes
>"Martin Jay" <martin@spam-free.org.uk> wrote in message
>news:bB86kTMA4PZEFwQI@spam-free.org.uk...
>| In message <5O69g.1378$Jn3.786@fe04.lga>, robert
>| <ab@no.spam-alama-ding-dong> writes
>| >| Or you could give $surname a nonsense value
>| >| before doing the search.
>|
>| >oh...you're a "magic value" kind of guy. THAT advice is PURELY NONSENSE.
>|
>| LOL. In this context it's no less secure than using a password, as we
>| do for many other things.
>who says anything about "secure"...that's just STUPID programming. and, "as
>we do"...bullshit...don't pass off that amature shit over here. if it is
>BLANK and you want to do something under that situation, catch it and handle
>it correctly. "correctly" here in NO WAY involves magic values.
>
>how bout:
>
>if (!$searchForThis == '')
>{
> do you shit to generate a report here...otherwise, don't waste any more
>time.
>}
Why do you suggest such a complicated 'if' expression? I think Harold's
code was neater:
if(empty($surname))
{
echo "Please enter valid surname.";
}
Your suggestion is similar to the one I made earlier.
What prompted me to also suggest the "magic value" was that Harold wrote
this:
"If a viewer submits it with the surname data blank empty, it brings up
the entire data base to my results web page.
I don't want this to happen. Instead I want to tell the viewer to submit
a valid surname and show no results."
Perhaps this meant the database query should still be ran but the
results suppressed. The fact that Harold asked his question suggests
that he isn't a confident PHP programmer, so I offered the "magic code"
alternative as a way for him to avoid modifying code he was unsure
about.
--
Martin Jay
Navigation:
[Reply to this message]
|