> On Thursday 13 December 2001 3:17 pm, Martin Lindhe wrote:
> > But I'm questioning the need for this.. why add extra checks on perhaps
> > 200 locations in my code to satisfy a warning message, which points
> > out a non-existent bug? I want warnings turned off but I don't want this
> > one in particular, is there any easy solution to that?
>
> The truth is that you *DO* want to see these errors, because they are a
> fantastic reminder that your code is full of potential security holes.
> This data is coming from the user so it cannot be trusted at all. For all
> user input you *MUST* sanitise the data, along the lines of:
>
> Check that the user has bothered to send something (with isset). If not,
> either bomb out or set the variable to a sensible and safe default.
> Check that the data is safe - e.g. within a specified range of values,
> containing no dangerous characters etc. etc.
> If the data is unsafe then stop, and ideally, don't give the hacker any
> clues.
I am doing this already... Oh well.

Anyway, my problem is more like I want exactly this warning turned off
(because I'm well aware of how I should handle user data), but I don't want
all warnings turned off. I'd like to suggest something that exists in
traditional compilers (not that PHP is a compiler, but hey ;), where you
can turn on/off specific error/warning checks.

/Martin

> All this makes your code bigger and more complicated, but if you don't
> do it, then it would be foolish to put your code on a public facing
> server.
>
> Cheers
> --
> Phil Driscoll
>
-- 
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
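The checklist Phil spells out in the quoted reply (isset, safe default, range check, stop without giving the attacker clues) is easy to apply once per parameter with a small helper, which also makes the "undefined index" notice disappear as a side effect rather than by suppressing it. The following PHP is an added example written for this page, not code from either poster; the helper name `get_int_param()`, the parameter name `page` and the sample requests are all assumptions made up for illustration. It uses typed signatures and `$_GET`-style arrays, so it needs PHP 7.1 or later, which is much newer than the PHP 4 being discussed in the thread.

```php
<?php
// Added example (not from the original thread): one way to apply the
// "isset, safe default, range check, stop without clues" checklist to a
// single request parameter. get_int_param() and the parameter name "page"
// are assumptions for illustration only.

/**
 * Fetch an integer request parameter, validated against a range.
 * Returns $default when the parameter is absent and null when it is
 * present but malformed or out of range; the caller decides what to do.
 */
function get_int_param(array $source, string $name, int $default, int $min, int $max): ?int
{
    // 1. Check the client actually sent something. An absent key is not an
    //    error for an optional parameter, so fall back to a safe default.
    //    This is also the check that silences the "undefined index" notice.
    if (!isset($source[$name])) {
        return $default;
    }
    $raw = $source[$name];

    // 2. Reject anything that is not a plain decimal integer. A bare (int)
    //    cast would silently turn "12abc" into 12, so use a strict pattern.
    //    \z rather than $ so a trailing newline is not accepted either.
    //    Also reject arrays: page[]=1 arrives as an array, not a string.
    if (!is_string($raw) || !preg_match('/^-?[0-9]{1,9}\z/', $raw)) {
        return null;
    }
    $value = (int) $raw;

    // 3. Enforce the allowed range.
    if ($value < $min || $value > $max) {
        return null;
    }
    return $value;
}

// Constructed sample requests standing in for $_GET (not real traffic).
$requests = [
    'absent'  => [],
    'valid'   => ['page' => '3'],
    'garbage' => ['page' => '3; DROP TABLE users'],
    'too_big' => ['page' => '99999'],
    'array'   => ['page' => ['1']],
];

foreach ($requests as $label => $get) {
    $page = get_int_param($get, 'page', 1, 1, 500);
    if ($page === null) {
        // 4. Unsafe input: stop here. Log the detail for yourself, but give
        //    the client a generic response rather than an echo of what failed.
        error_log("rejected parameter 'page' in request '$label'");
        echo "$label: 400 Bad Request\n";
        continue;
    }
    echo "$label: page=$page\n";
}
```

Running this prints `absent: page=1`, `valid: page=3`, and `400 Bad Request` for the `garbage`, `too_big` and `array` cases. On the separate question of switching off one class of message without the rest: PHP's `error_reporting()` takes a bitmask, so `error_reporting(E_ALL & ~E_NOTICE);` keeps warnings and errors while dropping notices, but doing that hides the very reminder the reply above is arguing for, so the helper is the better fix.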