It is worth noting that point you bring up is one that is present in PHP
currently:
php > print_r(json_decode(json_encode(array('a' => 'b'))));
stdClass Object
(
[a] => b
)
php > print_r(json_decode(json_encode(array('a', 'b'))));
Array
(
[0] => a
[1] => b
)
-Dan
On Tue, May 31, 2011 at 2:25 PM, Stas Malyshev <smalys...@sugarcrm.com>wrote:
> Hi!
>
>
> Stas, I didn't understand your point about eval() and security. What did
>> you mean?
>>
>
> I meant if PHP has JSON syntax as native, e.g. you can say something like:
>
> $a = {"a":"b"};
>
> Then the temptation would be to write something like:
>
> // $json_string is {"a":"b"}
> $a = eval($json_string);
>
> just as Javascript programmers sometimes do. That would have the same
> security implications as it has in Javasctipt - somebody could inject
> executable code there, etc. Of course, nobody forces you to do this, but the
> temptation would be there.
>
> Also, with full JSON support it is not entirely clear to me what {"a": "b"}
> would mean - is it an array or an object? In JS, it's definitely an object,
> but in PHP objects are almost never used to store pure state without
> behavior, because we have hashtable arrays, while JS only has vector arrays.
> So here we have some unclear point (which does not happen with [] syntax,
> since with [] it's obvious we're talking about arrays, just as in many other
> languages).
>
> --
> Stanislav Malyshev, Software Architect
> SugarCRM: http://www.sugarcrm.com/
> (408)454-6900 ext. 227
>
> --
> PHP Internals - PHP Runtime Development Mailing List
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
