André Langhorst wrote:
> > Perhaps, in order to maintain compatibility, we should re-document is_set,
> > create the documentation for is_null, and look into creating a new function
> > that will determine if something has "ever been inside the namespace", regardless
> > of its current value, or absence of value.
> we should just define (and document) this similar to Andrei (note, I do
> not use the word "the same" I use that word equal, what means different
> things):
> NULL  equals  absence_of_value  equals  absence_of_variable_in_namespace
> I can imagine no case where people would need to differentiate between
> NULL and never been in namespace....

(Disclaimer: I think much of this is a bit silly, as it all can be
worked around, or people can avoid using NULL... but for the sake of
those who believe "NULL" should be a value....)

Here's a possible case for this:
You have three forms. Each uses differently named variables.
All three post to the same page. One way a user might try to code
for this is:
if (isset($HTTP_POST_VARS[var_only_from_form_one]){ include ("foo");}
if (isset($HTTP_POST_VARS[var_only_from_form_two]){ include ("bar");}

Or using "has_ever-been_a_var" to do the same thing. Now, if one of those var's
has been assigned NULL somehow, their logic breaks, even though the var is
actually there, and has been set with something they consider a "value".

In a more interesting fashion, it adds a possible security feature,
where folks could actually error out their scripts if a user tried
to _introduce_ a faked variable, because it wasn't "supposed to be
there" under the current conditions, or at all. By walking the var arrays,
and checking against the expected vars, a user could send a security
warning if sombody was hacking a URL or faking a form.... the obvious
case I can think of is folks adding "debug=1" somehow.


Personal:  [EMAIL PROTECTED], 520-326-6109,
Work: [EMAIL PROTECTED], 520-546-8993,
The opinions expressed in this email are not necessarily those of myself,
my employers, or any of the other little voices in my head.

PHP Development Mailing List <>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to