Not for 'how-to' coding questions but PHP theory instead, this forum is here for those of us who wish to learn about design aspects of programming with PHP.
How about if a hacker tried to load .inc.php alone without going through main .php file, other words, MYAPP (same as NOTMYAPP) is not defined? Will they both die because the condition would be true in both cases?
Yes but you're relying on PHP to convert the constant to a string and will generate a warning. There's no logical advantage of doing it that way and in fact you're relying on PHP's forgiving nature.
Xoligy wrote:Yes but you're relying on PHP to convert the constant to a string and will generate a warning. There's no logical advantage of doing it that way and in fact you're relying on PHP's forgiving nature.
ngungo wrote:How about if a hacker tried to load .inc.php alone without going through main .php file, other words, MYAPP (same as NOTMYAPP) is not defined? Will they both die because the condition would be true in both cases?
Sorry, but that's not what I said. All I said was, that after reduction, both are equal to if (false) - and therefore will never execute.
Note that if you use .inc files, this whole thing is useless since the server will show you the plain text content of the .inc file and it won't be parsed as PHP (with default server configuration) unless included withing a PHP file.
Xoligy wrote:Yes but you're relying on PHP to convert the constant to a string and will generate a warning. There's no logical advantage of doing it that way and in fact you're relying on PHP's forgiving nature.
What the hell are you talking about pal? the constant holds a boolean value - not a string.
I think what Xoligy said was if a constant is not defined php would automatically convert it to a string that has the value of the name of the constant.