On 9/8/06, Robert Cummings <[EMAIL PROTECTED]> wrote:
On Fri, 2006-09-08 at 15:30 -0600, Jeremy Privett wrote:
> Well, it could be this, too:
>
> switch( $_REQUEST['id'] ) {
> case "white":
> echo "Right color.";
> break;
>
> case "black":
> echo "Rig
At 12:29 PM -0400 9/9/06, Robert Cummings wrote:
On Sat, 2006-09-09 at 12:12 -0400, Mark Charette wrote:
As a senior member of the software QC department in a major industrial
company, I generally find more errors and omissions in validation
routines during code reviews and ethical hacks tha
On Sat, 2006-09-09 at 17:27 +0100, Stut wrote:
> Mark Charette wrote:
> > And I'll wager a brew no one here has ever done a formal, mathematically
> > rigorous proof of a validation routine except as a class project. As a
> > senior member of the software QC department in a major industrial
> >
On Sat, 2006-09-09 at 12:12 -0400, Mark Charette wrote:
>
> As a senior member of the software QC department in a major industrial
> company, I generally find more errors and omissions in validation
> routines during code reviews and ethical hacks than anywhere else.
http://en.wikipedia.org/wiki
Mark Charette wrote:
And I'll wager a brew no one here has ever done a formal, mathematically
rigorous proof of a validation routine except as a class project. As a
senior member of the software QC department in a major industrial
company, I generally find more errors and omissions in validatio
Robert Cummings wrote:
On Sat, 2006-09-09 at 11:30 -0400, Mark Charette wrote:
Stut wrote:
Mark Charette wrote:
However, looking at it from a 'knowing early the data is tainted'
perspective, not from a 'validating and cleaning perspective', if you
have coded that (for instance)
On Sat, 2006-09-09 at 11:30 -0400, Mark Charette wrote:
> Stut wrote:
> > Mark Charette wrote:
> >> However, looking at it from a 'knowing early the data is tainted'
> >> perspective, not from a 'validating and cleaning perspective', if you
> >> have coded that (for instance) a variable is set vi
Stut wrote:
Mark Charette wrote:
However, looking at it from a 'knowing early the data is tainted'
perspective, not from a 'validating and cleaning perspective', if you
have coded that (for instance) a variable is set via COOKIE, then
only looking for that variable set via COOKIE will eliminat
On Sat, 2006-09-09 at 10:21 -0400, Mark Charette wrote:
> Robert Cummings wrote:
> > On Fri, 2006-09-08 at 18:38 -0400, tedd wrote:
> >
> >> At 5:03 PM -0400 9/8/06, JD wrote:
> >>
> >> In all of the answers given thus far, no one mentioned that the use
> >> of $_REQUEST has a security iss
Mark Charette wrote:
However, looking at it from a 'knowing early the data is tainted'
perspective, not from a 'validating and cleaning perspective', if you
have coded that (for instance) a variable is set via COOKIE, then only
looking for that variable set via COOKIE will eliminate its being
Robert Cummings wrote:
On Fri, 2006-09-08 at 18:38 -0400, tedd wrote:
At 5:03 PM -0400 9/8/06, JD wrote:
In all of the answers given thus far, no one mentioned that the use
of $_REQUEST has a security issue with regard to where the $_REQUEST
originated.
$_REQUEST is an array consisti
side down.
Satyam
- Original Message -
From: "Kevin Murphy" <[EMAIL PROTECTED]>
To: "php"
Cc: "JD" <[EMAIL PROTECTED]>
Sent: Friday, September 08, 2006 11:25 PM
Subject: Re: [PHP] if statement with or comparison (newbie)
Shouldn't that be
On Fri, 2006-09-08 at 18:38 -0400, tedd wrote:
> At 5:03 PM -0400 9/8/06, JD wrote:
> >I'm trying to set up a simple conditional, something like this:
> >
> >Here is what I have tried:
> >
> > if ($_REQUEST['id'] != ("black" or "white")) {
>
>
> In all of the answers given thus far, no one me
At 5:03 PM -0400 9/8/06, JD wrote:
I'm trying to set up a simple conditional, something like this:
Here is what I have tried:
if ($_REQUEST['id'] != ("black" or "white")) {
In all of the answers given thus far, no one mentioned that the use
of $_REQUEST has a security issue with regard
On Fri, 2006-09-08 at 15:30 -0600, Jeremy Privett wrote:
> Well, it could be this, too:
>
> switch( $_REQUEST['id'] ) {
> case "white":
> echo "Right color.";
> break;
>
> case "black":
> echo "Right color.";
> break;
>
> default:
>
At 05:30 PM 9/8/2006, you wrote:
- Original Message - From: "JD" <[EMAIL PROTECTED]>
To:
Sent: Friday, September 08, 2006 11:03 PM
Subject: [PHP] if statement with or comparison (newbie)
I'm trying to set up a simple conditional, something like this:
If my_variable is NOT equal to (
- Original Message -
From: "JD" <[EMAIL PROTECTED]>
To:
Sent: Friday, September 08, 2006 11:03 PM
Subject: [PHP] if statement with or comparison (newbie)
I'm trying to set up a simple conditional, something like this:
If my_variable is NOT equal to (black or white)
echo "wrong c
ED]
Sent: Friday, September 08, 2006 3:26 PM
To: php
Cc: JD
Subject: Re: [PHP] if statement with or comparison (newbie)
Shouldn't that be this instead:
if (($_REQUEST['id'] != "black") OR ($_REQUEST['id'] !=
"white")) {
echo "w
I think the OR should be an AND ...
If $_REQUEST['id'] = "black" then the second test will be true and it
will output "wrong color." If the color is "white" then the same thing
will happen 'cause it meets the first criteria.
-- Mitch
Kevin Murphy wrote:
Shouldn't that be this instead:
Shouldn't that be this instead:
if (($_REQUEST['id'] != "black") OR ($_REQUEST['id'] !=
"white")) {
echo "wrong color";
} else {
echo "right color";
}
--
Kevin Murphy
Webmaster: Information and Marketing Services
Western Nevada Community College
www.wncc
Let me rephrase it. Your color should be black or white to be the right
colour. Is this correct?
In that case you should change it to
if ($_REQUEST['id'] != "black" AND $_REQUEST['id'] != "white") {
echo "wrong color";
} else (
echo "right color";
}
- Or
21 matches
Mail list logo
