Phil Driscoll schrieb:
On Sunday 29 July 2001 17:35, Zeev Suraski wrote:
> *sigh* :) As I said numerous times, PHP gives you standard clean ways to
> test your variables without generating E_NOTICE's, namely, isset() (very
> popular) and empty() (less popular, but available all the same). There's a
> good, fairly darned good chance that exploitable code will generate no
> warnings whatsoever, and that code that was written with cleanliness in
> mind will actually be more difficult to debug than sucky
> E_NOTICE-generating code would.
We'll have to agree to differ - Over the last year I must have downloaded
about 50 PHP scripts from the popular places with a view to using them. ALL
of them - yes every last one - generated warning messages under E_WARNING.
People who code sloppily, code sloppily, the warning messages will get out.
Even people who code well but don't test under E_WARNING will find that
E_WARNING is their friend. I don't think that the typical uses of isset and
empty actually serve to hide the warning messages that would appear in
Anyway, I'll shut up now and leave you in peace :)
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]