questions about comparisions in the PHP code base (Technics)
Hello
As second, i found many occurences of comparisions in a if-else-manner which are IMHO better readable in a ternary operation.
// I found as an example: if (isset($_REQUEST['action'])) $action = $_REQUEST['action']; else $action = 'main'; // IMHO better $action = (isset($_REQUEST['action'])) ? $_REQUEST['action'] : 'main';The ternary operator is in use at many places but because of the development over (around) 10 years, the notation of such checks is very non-uniform. Is it worth the effort to to comb through the scripts to replace the "old" with the "new" notation only for developers better readability of the scripts and a few hundred or thousand bytes less code?
The phpBB forum has a method request_var and the rest of the code base is not allowed to use $_REQUEST directly! I strongly recommend you to use the same principle. You don't need all the features that the phpBB version of "request_var" has, but two important things is that it forces you to have a default value (so you don't need to check that in every place) and it checks the type.
The reason is security. Using $_REQUEST directy may results in bugs and those bugs is probably related to security. (If you handle user input badly you get a security hole).
Once you have this method (or something like it) in place, you can simply search the code base for $_REQUEST and replace all of them. Yes, it's a lot of work, but it will make the code more safe.
If you implement "request_var", there is two things you need:
* Force to have a default value so that the caller doesn't have to check the value.
* Check if the default value is an integer or a float. If that is the case, ensure that the value is an integer or a float, in order to protect from for example sql injection.
Regards,
Daniel