Hi Christian,

On Thu, Aug 4, 2016 at 8:27 PM, Christian Stadler <sta...@gmx.de> wrote:
> On 04.08.2016 at 12:10, Yasuo Ohgaki wrote:
>> Hi Christian and all,
>>
>> On Thu, Aug 4, 2016 at 10:07 AM, Christian Stadler <sta...@gmx.de> wrote:
>>> On 01.08.2016 at 10:23, Yasuo Ohgaki wrote:
>>>> P.S. It's possible to return an array that contains offending values. It
>>>> is not included since users can store whole offending input array.
>>>> Whole input is more useful for attack analysis.
>>> Actually I wanted to suggest exactly that for ppl. who want to give
>>> feedback to their users, what values failed to validate to the users.
>>> Probably with a fourth optional param, like `$return_invalid = false`?
>>> Of course logging is a different topic and should always use the whole
>>> offending input array.
>> I can set offending value to filter globals so that it can be
>> retrieved later in catch block. I cannot return or modify referenced
>> parameter because of raised exception.
>
> Well, since some people have objections about raising exceptions here,
> this should probably be either in a separate vote or additional options
> in the main vote. Probably something, like:
> Yes, either | Yes, without the exception | Yes, with the exception | No
> Personally I would vote for 'Yes, either'. If I could, that is.

One of my objectives is following best practices.
Preferring exceptions over errors is one of them. Although I strongly suggest
using exceptions for validation errors, I will have choices.

(Exceptions should be used for error cases that should not usually happen,
but usual error handling would work. The error message could be more
user-friendly because php_error_docref() supports va arg.)

>
>> I don't mind adding this feature. It requires an API like
>> validate_get_offending_value(). (The name should be nicer)
>> How many of us are interested in this feature?
>
> Then this new function should have an offset param. With this I could
> check, if the array has any offending values and then continue with the
> rest ... mmh, now that I think of it, this isn't really necessary.
>
> Uhm, well anyway: I'd suggest that the ind(ex/ices) should be returned
> rather than the actual value names.

OK. Thank you.
I'll add this. The reason why I said store "value" is the code.
To get the index, it has to store the index somewhere or change many lines of code.

Regards,

--
Yasuo Ohgaki
yohg...@ohgaki.net

-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
