Agreed.
Making things easy for both you and the programmer who follows is
more important than cutting a few nanoseconds off compute time. After
all, just displaying that information (i.e., echo) will take far more
time and even vary more than that between monitors.
Cheers,
tedd
--
-------
http://sperling.com/
Hi Paul, hi David,
I must correct Paul here.. a malicious user might be able to send a
value which is not "value1" or "value2", but this will not have any
impact for this snippet of code.
This snipped of code just set's a checkbox to being checked when the
value is the one expected. That's fine, so far. A classic whitelist.
But make sure the other code which we don't see
- does not outpot any _POST / _GET / _REQUEST / _COOKIE variables
without encoding the contents (f.e. htmlspecialchars), or
- does not send and user supplied data without scaping the sb-related
special chars.. (f.e. mysql_real_escape-string).
Regards,
Jan