Hi Lester,
On Sat, Aug 20, 2016 at 6:21 PM, Lester Caine <les...@lsces.co.uk> wrote:
> On 20/08/16 08:30, Yasuo Ohgaki wrote:
>> The input validation we are discussing is "Input/output rules between
>> client and server". It decides what's valid/invalid.
>
> I think I'm getting two things confused and am mixing your array
> filtering RFC up with this one. There is so much speculative stuff being
> discussed rather than trying to nail down key elements?
>
> I am looking at the whole process, so I have client side validation with
> is built from a set of rules added to the smarty templates. This still
> has a couple of gaps where manual creation of javascript is still
> needed, but that relates more to getting the validation working with
> botstrap3. This gives me a clean set of post data, and if one could
> ignore the morons then working with the $_POST array would be a doddle,
> but because we live in the real world, it's the BUILDING of the $_POST
> array when one can't trust the provider that we want to filter, and in
> an ideal world the rules would be used for each variable as they are
> added to the array, rather than post creating the array. One could
> almost envisage a check that the post data packed IS too big for the set
> of variables being returned and crash out, but simply throwing away
> suspect data as each variable is built and having the logic to simply
> create an exception on the first failure, only pass those fields that
> are valid ensures the $_POST array matches the clients data array.
I might misunderstood you.
It seems you would like to validate inputs as convention rather than
configuration. e.g. Use variable names that specify what it should be,
for instance i_age is integer where "i_" is for integer. Or you would
like to build validation rule on the fly like if there is "age" in
input array, automatically validate it as "integer", "minimum=0",
"maximum=130".
If above is what you would like to achieve, you can do it by building
validation rule array on the fly. Something like
$validation_rules = get_default_rule_for_this_request();
foreach ($_POST as $key=>$value) {
if (!empty($valudation_rules[$key])) {
throw new Exception('You cannot override default rule of '.$key);
}
$validation_rules[$key] = get_validation_rule($key);
}
assert(filter_check_definition($validation_rules));
$mypost = filter_require_var_array($_POST, $validation_rules);
Is this what you want?
--
Yasuo Ohgaki
yohg...@ohgaki.net
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
