On 15.08.2016 at 13:00, Tony Marston wrote: > "Dan Ackroyd" wrote in message > news:ca+kxmuriobqpmtekqnyv8rx0gkclryixi--y5tcyukdqpt7...@mail.gmail.com... > >> "Input data validation should accept only valid and possible inputs. >> If not, reject it and terminate program." > > I DISagree 100%. Validation errors should NEVER terminate the program, > they should continue by displaying all the error messages to the user so > that he/she can correct his/her mistake and try the operation again.
Yasuo (who Dan quoted here) refers to completely invalid input, such as invalid UTF-8 byte sequences. I think, that in this case the app should bail out without even given detailed information, as such grossly invalid input most likely is an attempt to attack (or a severe browser bug). -- Christoph M. Becker -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
