Re: Re: scalar localtime() to timestamp

I think you got that sideways :)

You always check for invalid characters. All he did was get the wrong character set, and all you have to do is negate the character class (otherwise, your answer is incomplete/wrong).

Comment on Re: Re: scalar localtime() to timestamp

Replies are listed 'Best First'.
Re: Re: Re: scalar localtime() to timestamp by Aragorn (Curate) on Oct 09, 2003 at 10:53 UTC
I screwed up with the regex, but I still maintain the assertion that you should check for the valid characters in a string. The class of invalid input is infinitely greater than that of valid input. If you check for invalid input and you forget something, you potentially open a security hole. If you check for valid input and forget something, that's inconvenient, but not potentially dangerous. In this case, I got the double negation wrong, which is stupid. Also, the input set is very small, so easy to get right. In more complex cases the chance of forgetting something that is not allowed is much greater than forgetting something that is allowed. And in the latter case, it's merely inconvenient, and not dangerous. Arjen	[reply]

Replies are listed 'Best First'.

Re: Re: Re: scalar localtime() to timestamp
by Aragorn (Curate) on Oct 09, 2003 at 10:53 UTC

In this case, I got the double negation wrong, which is stupid. Also, the input set is very small, so easy to get right. In more complex cases the chance of forgetting something that is not allowed is much greater than forgetting something that is allowed. And in the latter case, it's merely inconvenient, and not dangerous.

Arjen

[reply]