|
Posted by "bruce" on 09/22/05 03:10
recognized that...
but in all honesty, if you're going to write an app, and you're going to do
something with the data, it makes sense to me that you 'know'/ensure that
you're dealing with the correct kind of data. as i see it, this allows you
another way (low entropy) to determine that the information you're getting
is correct/valid. it also allows you to know what functions you
should/shouldn't preform on the data...
my $0.02 worth...
thoughts...
-bruce
-----Original Message-----
From: Robert Cummings [mailto:robert@interjinn.com]
Sent: Wednesday, September 21, 2005 5:00 PM
To: bedouglas@earthlink.net
Cc: 'Chris Shiflett'; 'Mikey'; 'PHP Mailing Lists'
Subject: RE: [PHP] security/sql issues with php
On Wed, 2005-09-21 at 19:54, bruce wrote:
> but now that you're talking about ints/strings/floats, aren't you now
> getting into data typing issues... which gets into the correct/appropriate
> archistecture of your app, variable namespace issues, etc...
Nope, just showing that adding 0 to data retrieved from $_GET does not
necessarily result in an int.
Cheers,
Rob.
--
..------------------------------------------------------------.
| InterJinn Application Framework - http://www.interjinn.com |
:------------------------------------------------------------:
| An application and templating framework for PHP. Boasting |
| a powerful, scalable system for accessing system services |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for |
| creating re-usable components quickly and easily. |
`------------------------------------------------------------'
[Back to original message]
|