On 20-Dec-06, at 12:08 AM, Andi Gutmans wrote:
Static analysis won't work well enough in PHP.
It can get you 70-80% there though, without touching the engine.
Btw, I don't see someone doing that foreach and using untaint() being different from someone not filtering their input.
People really should not ignore E_NOTICE, especially about undefined vars. And yet very few applications can truly say that they are E_NOTICE free. Most people just drop the error_reporting level or use the error blocking operator.
Ilia Alshanetsky