Newsgroups: php.internals
To: internals@lists.php.net
Date: Tue, 5 Sep 2017 15:08:16 +0200
Subject: Re: [PHP-DEV] A validator module for PHP7
From: lists@rhsoft.net ("lists@rhsoft.net")

On 05.09.2017 at 13:36, Lester Caine wrote:
> On 05/09/17 12:18, Yasuo Ohgaki wrote:
>> I cannot guess people's thought. I appreciated feedback!
>
> With a decent database layer a lot of the validation you are proposing
> is already covered but PDO does not help in this area. Adding another
> layer that does not integrate with a storage layer is just adding to the
> current mess ...

sorry, but you confuse "input validation" which this topic is about with something different - input validation and rejecting bad requests belong some layers on top of any storage and should be done as soon as possible

that should even happen long before you open a database connection at all because when you know the request is bad soon enough you won't talk to any database, filesystem or whatever storage layer at all

the only question as an application developer is how you proceed in which cases

* reject the whole request with an error-message
* reset form-fields where you don't expect an array as input
* reset form-fields with out-of-range input values

here you go: https://en.wikipedia.org/wiki/Data_validation
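
An added example, not part of the original message or of PHP itself, sketching the three handling options listed above with validation running before any storage is opened. The field names, the limits in `RULES`, the choice of which condition rejects the whole request, and the `$openStorage` callback are assumptions made for illustration.

```php
<?php
// Hypothetical rules for this example: allowed fields, limits, reset defaults.
const RULES = [
    'name' => ['max_len' => 64, 'default' => ''],
    'age'  => ['min' => 0, 'max' => 150, 'default' => '0'],
];

// Validate raw input only; nothing in here touches a database or filesystem.
function validate_input(array $input): array
{
    // Assumed policy: field names the form never sends reject the whole request.
    $unknown = array_diff(array_keys($input), array_keys(RULES));
    if ($unknown !== []) {
        return ['reject' => 'unexpected field: ' . implode(', ', $unknown)];
    }
    $clean = $reset = [];
    foreach (RULES as $field => $rule) {
        $value = $input[$field] ?? $rule['default'];
        if (!is_string($value)) {
            $ok = false;                       // e.g. name[]=x arrives as an array
        } elseif (isset($rule['max_len'])) {
            $ok = strlen($value) <= $rule['max_len'];
        } else {
            $ok = preg_match('/^\d{1,9}$/', $value) === 1
                && (int) $value >= $rule['min'] && (int) $value <= $rule['max'];
        }
        $clean[$field] = $ok ? $value : $rule['default'];
        if (!$ok) { $reset[] = $field; }       // reset the field, keep the request
    }
    return ['reject' => null, 'clean' => $clean, 'reset' => $reset];
}

// $openStorage stands in for opening a PDO connection; it runs only after validation.
function handle_request(array $input, callable $openStorage): string
{
    $result = validate_input($input);
    if ($result['reject'] !== null) {
        return '400 ' . $result['reject'];     // bad request: storage never opened
    }
    $openStorage();
    return '200 reset=[' . implode(',', $result['reset']) . ']';
}

// Constructed sample requests, shaped like $_POST.
$opened = 0;
$open = function () use (&$opened) { $opened++; };
echo handle_request(['name' => ['x'], 'age' => '999'], $open), "\n";
echo handle_request(['name' => 'a', 'is_admin' => '1'], $open), "\n";
echo "storage opened $opened time(s)\n";
```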