On 15.11.2005 05:38, Roman Ivanov wrote:
Antony Dovgal wrote:
On 14.11.2005 12:55, Roman Ivanov wrote:
wishlist> input filter extension (including some element of user
wishlist> control)
Will it be used _instead_ of $_POST and $_GET?
An extension instead of the arrays?
You must be missing something...
I do not think so. If the only way to get 'post' and 'get' variables
will be trough input_get(), then filter extension will effectively and
functionally replace those arrays. Is it not righ?
Obviously, no, this won't be the only way to get the data.
Honestly, I'm not so sure it's a good idea to implement it like PECL
extension does. Filtering individual variables is, in my opinion, a
wrong way to treat user input.
You may filter data recursively, so filtering, for example, _POST or
_GET would work fine.
Recursion does not solve the problem I'm trying to highlight.
//Way #1:
<skip>
//Way #2:
<skip>
Didn't get the problem, sorry.
Could you try to explain it once more?
"Part of the standard API, which is included with PHP and compiles by
default", if you will.
So, basically you're objecting against enabling it by default?
Why? I really do not see a reason to not include it by default, if it helps to
write more secure code.
(remember that "enabled by default" means you can disable it in a moment).
Yeah, that's why you can use your own callback for filtering.
Callback just plugs your function in some pre-defined structure.
Right.
Feel free to write your own PHP class/library for filtering, if you think that
this predefined structure doesn't fit your needs.
--
Wbr,
Antony Dovgal
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
