mailing list archives
Re: PHP filter function against SQL injections
From: Terra Frost <terrafrost () gmail com>
Date: Fri, 09 Feb 2007 09:39:28 -0600
jeffrey rivero wrote:
sure you can then you would get an cast exception
but you would have to know what you looking for ?
Please show me some code that, when casting something to an integer,
yields a cast exception. I doubt you could. PHP is a loosely typed
language, after all.
In fact, here are some tests of my own:
That yields no exceptions and outputs a 1. Whether or not it you
believe it ought to output a 1 or not is also beside the point - the
point is that it *does* cast to an integer.
Here's another test.
That yields 0. To understand why, read this:
We don't have to test any other types because, unless you're doing
something like unserialize, you're not going to be able to get those
types via GET / POST / COOKIE. Everything returned via any of those is
either a string or an array. I'd post more code demonstrating this, but
this email is long enough.