On 15.11.2005 15:06, Roman Ivanov wrote:
This particular extension treats each input variable individually, which
is not desirable in majority of scripts I worked with. Such approach
adds unnecessary complexity to the script, and requires to handle each
invalid variable separately as well. But the real problem is that there
are many ways of filtering input, and I do not think any of them fits
all the situations.
Ahha.
So what exactly do you propose?
For example, I have 3 different variables: an email, an integer and a string.
How do you think I should filter them ?
>> "Part of the standard API, which is included with PHP and compiles by
>> default", if you will.
>
>
> So, basically you're objecting against enabling it by default?
> Why? I really do not see a reason to not include it by default, if it
> helps to write more secure code.
> (remember that "enabled by default" means you can disable it in a
moment).
Well, I think that everything in core distribution is a suggested
standard. But a language should not, in my opinion, suggest any
particular structure for the program, unless it's absolutely necessary.
It's not a major issue, but still...
Sorry, I refuse to understand that.
The language HAS to recommend a way to do something and to allow user to choose
any other way if the recommended one doesn't fit his/her needs.
If there is no a recommended way to do, for example, input filtering, users
would re-invent the wheel every time, which results in square wheels and
engines with security issues discovered every day.
That's the whole point: to provide a fast and comfortable way to filter data,
so the users won't have to do it themselves.
Feel free to offer an improvements, if you have something to offer, but saying
that a standard method of doing something *imposes* a particular structure is
just a nonsense.
--
Wbr,
Antony Dovgal
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
