[Pugged] Alright, my turn
David Champion
ciapug@ciapug.org
Tue, 24 Sep 2002 18:45:38 -0500
Chris Van Cleve wrote:
> I'm hoping not to turn register_globals on. I'm a believer in keeping
> with standards, especially for security. Besides, learning the hardway
> first makes doing it the easy way that much more cake.
>
The "register_globals" thing isn't so much a standard (it's been there
for a long time), they just started defaulting it to "off" as a security
issue. Not trying to talk you out of what you're doing - which the
"right" way to do it. There have been articles about turning
register_globals off and using the arrays a long time before it became
the default.
The problem is that it breaks a lot of pre-existing PHP code. The way
around that is you put a register_globals = on in the .htaccess for
those apps that still need it.
> I actually tried that, oddly enough. It broke the whole include file. ;)
>
> I'll try it the simpler way Bryan mentioned and see how that goes. it
> just seems odd to me that anything gets authorized except 0. That throws
> me a bit.
Are you sure it's failing on a zero? Could it maybe contain an empty
string, or a null?
One way to deal with that possibility is:
if (!$myval OR $myval > $mycheck) { ...
or
if ($myval AND $myval > $mycheck) { ...
You might have to change the logic depending on what you're checking
for... but in general a variable will evaluate to "false" for a number
of values, including false, zero, empty string or null.
-dc