Hi!
Stas, I didn't understand your point about eval() and security. What did
you mean?
I meant if PHP has JSON syntax as native, e.g. you can say something like:
$a = {"a":"b"};
Then the temptation would be to write something like:
// $json_string is {"a":"b"}
$a = eval($json_string);
just as Javascript programmers sometimes do. That would have the same
security implications as it has in Javasctipt - somebody could inject
executable code there, etc. Of course, nobody forces you to do this, but
the temptation would be there.
Also, with full JSON support it is not entirely clear to me what {"a":
"b"} would mean - is it an array or an object? In JS, it's definitely an
object, but in PHP objects are almost never used to store pure state
without behavior, because we have hashtable arrays, while JS only has
vector arrays. So here we have some unclear point (which does not happen
with [] syntax, since with [] it's obvious we're talking about arrays,
just as in many other languages).
--
Stanislav Malyshev, Software Architect
SugarCRM: http://www.sugarcrm.com/
(408)454-6900 ext. 227
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
