Andrew Faulds wrote:
No, he's not. Filtering and escaping are two very significant concepts in
security. Just because PHP implemented some escaping concepts into the filter
function does not mean that the concerns are co-related.
Ah, again you see, I'm confusing things :) In the security context, English
language context, and signal processing context, a filter removes. In computer
science, but not computer security, it processes.
I'm very confused :P
A filter simply takes an input and produces an output. There is nothing to say
that the output can't be bigger than the input? I'd happily accept a filter that
takes one language in and outputs a different one. Alright that filter requires
a considerably more complex processing than taking a .css file and outputting it
as a colour coded document, or taking a piece of raw tagged html and outputting
in a format that allows it to be displayed rather than processed in the browser.
Certainly a dictionary definition of 'filter' always implies that a reduced set
of material comes out, so perhaps we need to use a different word, for the
process, but the same 'process' applies to all of these 'conversions'. An input
data format is converted to an output data format?
--
Lester Caine - G8HFL
-----------------------------
Contact - http://lsces.co.uk/wiki/?page=contact
L.S.Caine Electronic Services - http://lsces.co.uk
EnquirySolve - http://enquirysolve.com/
Model Engineers Digital Workshop - http://medw.co.uk
Rainbow Digital Media - http://rainbowdigitalmedia.co.uk
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
