Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.
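[syntax=php]$str1 = "234324";
$str2 = "sdf23dsf";
// Both variables are strings, whatever their contents look like.
echo gettype($str1)."<br />".gettype($str2)."<br />"; // prints "string" for both
// intval() always returns an integer, even for non-numeric input.
echo gettype(intval($str1))."<br />".gettype(intval($str2))."<br />"; // prints "integer" for both
// is_numeric() is true only for $str1; false is echoed as an empty string.
echo is_numeric($str1)."<br />".is_numeric($str2)."<br />"; // prints 1 for the first one only[/syntax]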
patrikG wrote:
Unless it covers object oriented programming in good detail, I don't think any beginner's PHP book is worth looking at. I usually recommend Harry Fuecks' "PHP Anthology".
Yup. And I used to work in Horsham for a couple of months some time ago... We always went to the Malt & Shovel
You're kidding? The guy's name is Fuecks?! The Malt & Shovel - Springfield Road? Near the crossroads?
yup! But they either sell it too expensively or the UK government (as usual) slaps 400% import duty on it... Being asked close to 3 squid for a pint is daylight robbery. But alas, every now and then, a nice pint of Hoegaarden... <slurp>
Remove the square brackets; those are used as a character class, i.e. anything inside is considered an unordered list of acceptable characters for the match. The error is due to your usage of --, the minus symbol is a metacharacter in character classes.
feyd wrote: The error is due to your usage of --, the minus symbol is a metacharacter in character classes.
Hi - cheers for that - I'm only on week 2 of php so learning lots as I go; but I've read that -- is used in sql injection attacks?
I'm also using
function filterAlphanumeric($string){
    return preg_replace("/[^a-zA-Z0-9]/", "", $string);
}
so will that take care of the dreaded --?
[/php ]-tags (without the spaces in the brackets)
you will end up with code-highlighting
[syntax=php]function filterAlphanumeric($string){
    return preg_replace("/[^a-zA-Z0-9]/", "", $string);
}[/syntax]
D'oh. But I gotta tell ya, I'm loving php and mysql a billion times better than asp and micro$oft sql serv. It's very actionscript-esque in its approach.
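As an added example (not code from the thread), the PHP below runs the thread's filterAlphanumeric() beside a PDO prepared statement on constructed inputs, so you can compare what the filter does to a value with how a bound parameter carries quotes and -- through as plain data; it also sets the intval() coercion from the first snippet beside filter_var() validation. The users table, the sample values and the in-memory SQLite database (pdo_sqlite extension) are assumptions made for illustration.

```php
<?php
// Added example; assumes the pdo_sqlite extension is enabled.
// Table, column and sample values are constructed for illustration.

// The allowlist filter from the thread: drops everything except a-z, A-Z, 0-9.
function filterAlphanumeric(string $string): string {
    return preg_replace("/[^a-zA-Z0-9]/", "", $string);
}

// Store a value with a prepared statement and read it back.
// The value is sent separately from the SQL text, so quotes and "--"
// inside it are only ever data, never SQL syntax.
function storeAndFetch(PDO $pdo, string $name): string {
    $insert = $pdo->prepare("INSERT INTO users (name) VALUES (:name)");
    $insert->execute([":name" => $name]);

    $select = $pdo->prepare("SELECT name FROM users WHERE name = :name");
    $select->execute([":name" => $name]);
    return (string) $select->fetchColumn();
}

$pdo = new PDO("sqlite::memory:");
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)");

// Constructed inputs: a legitimate name with a quote, one containing "--",
// and one that is already purely alphanumeric.
$samples = ["O'Brien", "anne--marie", "user42"];

foreach ($samples as $input) {
    $filtered = filterAlphanumeric($input);   // lossy: changes legitimate data
    $stored   = storeAndFetch($pdo, $input);  // bound parameter: kept verbatim
    printf(
        "input=%-12s filtered=%-10s stored=%-12s round-trip=%s\n",
        $input,
        $filtered,
        $stored,
        $stored === $input ? "exact" : "changed"
    );
}

// Numeric input: validate the type instead of silently coercing it.
// intval() turns any string into some integer; filter_var() with
// FILTER_VALIDATE_INT rejects strings that are not integers.
foreach (["234324", "sdf23dsf"] as $candidate) {
    var_dump(intval($candidate), filter_var($candidate, FILTER_VALIDATE_INT));
}
```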