PHWinfo - Afficher un message

30/04/2008, 17h35

William Gill wrote:
> William Gill wrote:
>> Jerry Stuckle wrote:
>>> William Gill wrote:
>> <snip>
>>>> I don't. I didn't want to perform an array_key_exists( 'fieldname',
>>>> $_POST ) before I test what value they contain.
>>>>
>>>>
>>>
>>> Use isset($_POST['fieldname']).
>>>
>> That's what I meant, array_key_exists wouldn't .
>
> isset() seems to be a waste of time also, since every field is being set
> even if only with an empty string.
>

But every field does NOT necessarily need to be set. For instance, a
hacker could create a page which links to yours and doesn't have those
fields set.

NEVER, NEVER, NEVER trust user input!

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

30/04/2008, 17h35	#16
Jerry Stuckle Messages: n/a Hébergeur:	Re: $_POST array question William Gill wrote: > William Gill wrote: >> Jerry Stuckle wrote: >>> William Gill wrote: >> <snip> >>>> I don't. I didn't want to perform an array_key_exists( 'fieldname', >>>> $_POST ) before I test what value they contain. >>>> >>>> >>> >>> Use isset($_POST['fieldname']). >>> >> That's what I meant, array_key_exists wouldn't . > > isset() seems to be a waste of time also, since every field is being set > even if only with an empty string. > But every field does NOT necessarily need to be set. For instance, a hacker could create a page which links to yours and doesn't have those fields set. NEVER, NEVER, NEVER trust user input! -- ================== Remove the "x" from my email address Jerry Stuckle JDS Computer Training Corp. jstucklex@attglobal.net ==================