On 04/08/16 22:47, Yasuo Ohgaki wrote:
>> The correct response to a form validation error is to show a message to the
>> user with as much detail as possible, not to simply terminate the script and
>> assume they are trying to attack your application.
>
> We are talking about different things.
> I'll document it clearly in RFC.

But both need to be done at the same time ... Validating the input data requires that you have a set of rules for each variable, and if all are correct then one can process the 'array', but if an element fails validation then one needs to handle the error either as suspicious, or simply out of range. I repeat that handling the complexities of EACH variable of the validation is a package of work in its own right, and trying to handle some aspects via an array function does not remove the more obvious need to decide what order to handle validation errors on each element, or to return error messages for each variable that fails validation. If the element is some attempt to create an injection of js or html tags then it should fail validation, but equally it may be a valid input as long as it is escaped and stored in a correct manner. The complexity of what you plan for your array validation elements starts with all the same rules applied to a single variable.

-- 
Lester Caine - G8HFL
-----------------------------
Contact - http://lsces.co.uk/wiki/?page=contact
L.S.Caine Electronic Services - http://lsces.co.uk
EnquirySolve - http://enquirysolve.com/
Model Engineers Digital Workshop - http://medw.co.uk
Rainbow Digital Media - http://rainbowdigitalmedia.co.uk
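
The per-variable handling argued for in the reply above, sketched as an added example (not code from this thread or from the RFC under discussion): every field has its own rule, failures are collected per field and tagged as suspicious or as an ordinary user error, and markup in free text is accepted and escaped on output. The field names, limits and the two severity labels are assumptions, and the sample input is constructed.

```php
<?php
declare(strict_types=1);
// Hypothetical per-field rules: each returns null when the value is acceptable, or [severity, message].
const SUSPICIOUS = 'suspicious';   // cannot come from the form as rendered
const USER_ERROR = 'user_error';   // plausible mistake, report it back to the user

function rules(): array
{
    return [
        'age' => function ($v): ?array {
            if (!is_string($v) || !ctype_digit($v)) {
                return [SUSPICIOUS, 'age is not a plain integer'];
            }
            $n = (int) $v;
            return ($n >= 18 && $n <= 120) ? null : [USER_ERROR, 'age must be between 18 and 120'];
        },
        'comment' => function ($v): ?array {
            if (!is_string($v) || !mb_check_encoding($v, 'UTF-8')) {
                return [SUSPICIOUS, 'comment is not valid UTF-8 text'];
            }
            // Markup is not rejected here: it is legitimate content once escaped on output.
            return mb_strlen($v, 'UTF-8') <= 500 ? null : [USER_ERROR, 'comment is longer than 500 characters'];
        },
    ];
}

// Run every rule and collect one result per failing field instead of stopping at the first.
function validate(array $input): array
{
    $errors = [];
    foreach (rules() as $field => $rule) {
        $result = $rule($input[$field] ?? null);
        if ($result !== null) {
            $errors[$field] = ['severity' => $result[0], 'message' => $result[1]];
        }
    }
    return $errors;
}

// Constructed sample input: one out-of-range value and one value containing markup.
$input  = ['age' => '17', 'comment' => '<em>Nice</em> article <script>x</script>'];
$errors = validate($input);
foreach ($errors as $field => $e) {
    echo "{$field}: [{$e['severity']}] {$e['message']}\n";
}
if (!isset($errors['comment'])) {
    // Escape at the point of output, for the HTML context it is rendered in.
    echo htmlspecialchars($input['comment'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'), "\n";
}
```

With this input the age failure is reported as a user error with its own message, while the comment passes validation and is printed with its tags escaped.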