On 19/09/12 17:21, Michael Stowe wrote:
/"Oh goodness no, let's please only do OOP with the language features.
Creating ridiculous "procedural" OOP abstractions helps absolutely
nobody"/
Andrew, I'm the biggest advocate of OOP out there, but the purpose of
this is to provide a nice convenient layer for all developers to use
to properly escape code and increase security within their
applications. As such, we need to cater to the resistance...err, I
mean Procedural Purists and those who are beginning PHP development
and are not yet comfortable with OOP.
- Mike
I understand that. I don't mind a procedural API, something like:
escape_html_attr($str, 'utf8'); with non-optional encoding.
But a pseudo-OOP "procedural" API that merely uses a context instead of
an actual object with methods is stupid. I cannot believe that newbies
like myself are incapable of understanding that $ctx->escape($str) and
escape($ctx, $str) are essentially equivalent. Besides, examples in the
documentation can make this very simple to understand.
--
Andrew Faulds
http://ajf.me/
