I'm more worried about the interaction of the PHP code with the database:

mysql> create table test (id int not null, name varchar(255));
Query OK, 0 rows affected (0.27 sec)

mysql> insert into test values (1,"");
Query OK, 1 row affected (0.00 sec)

mysql> insert into test values (1,NULL);
Query OK, 1 row affected (0.00 sec)

mysql> select * from test;
+----+------+
| id | name |
+----+------+
|  1 |      |
|  1 | NULL |
+----+------+
2 rows in set (0.00 sec)

mysql> select count(*) from test where name is null;
+----------+
| count(*) |
+----------+
|        1 |
+----------+
1 row in set (0.00 sec)

mysql> select count(*) from test where name = "";
+----------+
| count(*) |
+----------+
|        1 |
+----------+
1 row in set (0.00 sec)

If you write your own Doctrine queries (i.e. work with the table outside the 
form framework) then you have to be aware of the fact that you need to 
rewrite a query containing 'name = ""' to 'name is null', otherwise you'll 
end up with surprising results. So if you have code that simply stores empty 
data for a column as an empty string, that will interact very badly with 
the magic conversion the form framework does.

Regards,
  Dennis
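
The mismatch described in the message above, as an added example that is not part of the original post: one write path converts an empty value to NULL (modelling the form framework's conversion) while a hand-written path stores an empty string, and the same "no name" lookup then disagrees depending on the predicate. The helpers formValue() and countWhere() are hypothetical, the rows are constructed, and an in-memory SQLite database via PDO is assumed in place of MySQL so the script runs offline.

```php
<?php
// Added example, not code from the thread. In-memory SQLite stands in for MySQL;
// comparing '' and NULL behaves the same way in both.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE test (id INTEGER NOT NULL, name VARCHAR(255))');

// Hypothetical helper modelling the conversion described for the form
// framework: an empty submitted value is stored as NULL.
function formValue(?string $v): ?string
{
    return ($v === null || $v === '') ? null : $v;
}

$insert = $db->prepare('INSERT INTO test (id, name) VALUES (?, ?)');
$insert->execute([1, formValue('')]); // form path: stored as NULL
$insert->execute([2, '']);            // hand-written path: stored as ''
$insert->execute([3, 'dennis']);      // constructed sample value

// Hypothetical helper; $where is only ever a fixed literal from this script,
// all values go through bound parameters.
function countWhere(PDO $db, string $where, array $params = []): int
{
    $stmt = $db->prepare("SELECT COUNT(*) FROM test WHERE $where");
    $stmt->execute($params);
    return (int) $stmt->fetchColumn();
}

// Each predicate sees only one of the two "empty" rows.
printf("name = ''    : %d\n", countWhere($db, 'name = ?', ['']));
printf("name IS NULL : %d\n", countWhere($db, 'name IS NULL'));

// NULL = NULL is not true in SQL, so binding NULL to "=" matches nothing.
printf("name = NULL  : %d\n", countWhere($db, 'name = ?', [null]));

// A query that means "no name" has to cover both representations ...
printf("both         : %d\n", countWhere($db, "name IS NULL OR name = ''"));

// ... or the data is normalised once so that only NULL remains.
$db->exec("UPDATE test SET name = NULL WHERE name = ''");
printf("after cleanup: %d\n", countWhere($db, 'name IS NULL'));
```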
