Hi,
Take a look at the code example [1].
Why not give programmers the possibility to init their scripts with
a call that tells exactly what data should be taken - like GET userid
INT and GET password MIXED, or just POST domainid INT, or something
like that?

If there's data transmitted that the script doesn't need, why should we
go on with execution?

In my example, request_init would check if there is $_POST['userid'],
$_POST['pass'], $_GET['userid'] or $_GET['pass'] and if userid is an
integer, and pass is mixed.

If that's all right, the script just goes on working.
If not, and that's the clue, the callback function will be called,
telling the user what's wrong.

A feature like that would highly improve security. Programmers
wouldn't even think about stupid solutions like getting all the $_POST
data into an Array() and trying to quote it anymore. It's an advantage
for readability too:
You take a look at the code, and you just know exactly what's going on.

When magic_quotes and register_globals are, finally, killed in
PHP6, this could be, finally, a real security feature, couldn't it?

Greets,
Daniel Zulla

[1] Code Example:
<?php
    request_init(Array(POST, GET), Array('userid' => INT, 'pass' => mixed),
                 $callback->crap_transmitted, 1);
?>
<html>
[...]

-- 
PHP Internals - PHP Runtime Development Mailing List
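
The check proposed in the message above can be approximated in userland. This is an added example, not code from the original post or from PHP itself: the function name request_init_sketch(), its argument shapes and the sample requests are assumptions made for illustration.

```php
<?php
// Added sketch, not a PHP built-in: request_init_sketch() and its argument
// shapes are assumptions modelled on the proposal in the message above.
// $sources: label => request array; $expected: field => 'int' | 'mixed'.
function request_init_sketch(array $sources, array $expected, callable $onReject)
{
    $clean = $seen = $problems = [];
    foreach ($sources as $label => $data) {
        // Any field the script did not declare is a reason to stop.
        foreach (array_diff_key($data, $expected) as $name => $ignored) {
            $problems[] = "$label: unexpected field '$name'";
        }
        foreach (array_intersect_key($data, $expected) as $name => $value) {
            $seen[$name] = true;
            if ($expected[$name] === 'int') {
                // Strict check: rejects arrays and strings such as '12abc'.
                $value = filter_var($value, FILTER_VALIDATE_INT);
                if ($value === false) {
                    $problems[] = "$label: '$name' is not an integer";
                    continue;
                }
            }
            $clean[$name] = $value;
        }
    }
    foreach (array_diff_key($expected, $seen) as $name => $ignored) {
        $problems[] = "missing field '$name'";
    }
    if ($problems) {
        $onReject($problems);   // the proposal's callback: tell the user what is wrong
        return null;
    }
    return $clean;
}

// Constructed sample requests standing in for $_POST.
$spec = ['userid' => 'int', 'pass' => 'mixed'];
$report = function (array $problems) { echo implode("\n", $problems), "\n"; };
var_dump(request_init_sketch(['POST' => ['userid' => '42', 'pass' => 's3cret']], $spec, $report));
var_dump(request_init_sketch(
    ['POST' => ['userid' => '42abc', 'pass' => 'x', 'admin' => '1']], $spec, $report));
```

A 'mixed' field is only checked for presence here, so its value still needs parameterised queries or output escaping at the point of use.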