Posted by Jerry Stuckle on 03/17/06 20:56

Steve Chapel wrote:
> Jerry Stuckle wrote:
>
>> pieter_hordijk@hotmail.com wrote:
>>
>>> Why are you using three equal signs?
>>>
>>> The following is enough:
>>> if(($_POST['username'] == 'steven') && ($_POST['password'] ==
>>> 'crocker'))
>>>
>>
>> Three equal signs checks to ensure they are both the same type and the
>> same value.
>>
>> Otherwise you can have the potential problem of the user entering a
>> zero for username and password. PHP could then try to compare as
>> integers instead of strings - and convert 'steven' and 'crocker' to
>> zero. The comparison would then be true.
>
>
> But because $_POST["username"] is a string, and 'steven' is a string, a
> string comparison will be done with ==, and the problem you mention with
> a numeric comparison won't happen, right? I just tried some PHP code
> with a simple variable ($str) in place of $_POST["username"] set to "0",
> and a string comparison is done.

Steve,

In this particular example, that's true - it will compare OK, at current
versions of PHP. But it's still a good habit to get into.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

[Back to original message]