FindFirst(NULL) = Dangerous

When I use this

Admin::findFirst(NULL)

The first record of the table is found. Is this correct?

On the contrary

Admin::findFirst(0)

No record found (to me correct)



33.8k

Yeah you're right. But remember that Admin::findFirst() is the same as Admin::findFirst(NULL).

And for Admin::findFirst(0), if you're using unsigned int with autoincrement, it's correct (because it starts at 1).



7.9k

If you have a variable $id that is null, it's very dangerous.

Imagine you test if someone is logged in with Admin::findFirst($id); and you don't test if (int)$id > 0, everybody can connect.



33.8k

1) Yeah, it is very dangerous, they had to fix that by checking that $var != undefined && $var != NULL (@phalcon).

2) When some user logs in, the developer has to set some way (DB, access file) to say that the user is already logged on. So I don't think that will happen normally.



32.2k

I think this is more your responsibility, since findFirst is behaving the way it should, finding the first record.
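
The caller-side guard discussed in this thread, as an added example that is not part of any post and not Phalcon's own code. `AdminStub` is a constructed stand-in that only mimics the behaviour reported above (null returns the first row, 0 returns nothing), and `findAdminById` is a hypothetical helper name.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for a Phalcon model so the example runs without the
// extension. It only mimics the behaviour reported in this thread:
// findFirst(null) returns the first row, findFirst(0) returns nothing.
final class AdminStub
{
    private const ROWS = [1 => 'root', 2 => 'alice']; // constructed sample data

    public static function findFirst($parameters = null): ?array
    {
        if ($parameters === null) {
            $id = array_key_first(self::ROWS); // no criteria: first record
            return ['id' => $id, 'name' => self::ROWS[$id]];
        }
        $id = (int) $parameters;
        return isset(self::ROWS[$id]) ? ['id' => $id, 'name' => self::ROWS[$id]] : null;
    }
}

// Hypothetical helper: refuse anything that is not a positive integer
// before it can reach findFirst() as an empty criterion.
function findAdminById($id): ?array
{
    $valid = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($valid === false) {
        return null; // null, '', 0, 'abc', negatives, arrays: "no such admin"
    }
    return AdminStub::findFirst($valid);
}

// Constructed inputs; a missing session or request key typically yields null.
foreach ([null, '', 0, '2', 'abc', 99] as $candidate) {
    $unsafe = AdminStub::findFirst($candidate);
    $safe   = findAdminById($candidate);
    printf(
        "%-6s unguarded=%-5s guarded=%s\n",
        var_export($candidate, true),
        $unsafe['name'] ?? 'none',
        $safe['name'] ?? 'none'
    );
}
```

Only the null row differs between the two columns: the unguarded call resolves to the first admin, while the guarded lookup returns nothing, which is the outcome an authentication check needs.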