Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:100433
Return-Path: <lester@lsces.co.uk>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 22873 invoked from network); 7 Sep 2017 08:08:43 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 7 Sep 2017 08:08:43 -0000
Authentication-Results: pb1.pair.com smtp.mail=lester@lsces.co.uk; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=lester@lsces.co.uk; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain lsces.co.uk designates 185.153.204.204 as permitted sender)
X-PHP-List-Original-Sender: lester@lsces.co.uk
X-Host-Fingerprint: 185.153.204.204 mail4.serversure.net Linux 2.6
Received: from [185.153.204.204] ([185.153.204.204:38826] helo=mail4.serversure.net)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 22/8D-10715-88EF0B95 for <internals@lists.php.net>; Thu, 07 Sep 2017 04:08:42 -0400
Received: (qmail 31238 invoked by uid 89); 7 Sep 2017 08:08:38 -0000
Received: by simscan 1.3.1 ppid: 31232, pid: 31235, t: 0.0474s
         scanners: attach: 1.3.1 clamav: 0.96/m:52/d:10677
Received: from unknown (HELO ?10.0.0.7?) (lester@rainbowdigitalmedia.org.uk@81.138.11.136)
  by mail4.serversure.net with ESMTPA; 7 Sep 2017 08:08:37 -0000
To: internals@lists.php.net
References: <CAGa2bXafM0QgMdCuUfEnNcejHAi208=4tCqbi1APT20Z_jcvuQ@mail.gmail.com>
 <CAGU04m+RtKkPkmzCzFjHvT=pHE9_tVzWuSd6umk2P1U-g8wy_Q@mail.gmail.com>
 <CADyq6s+QpHB2iPb=T=M2NL1aUTS=Uuf07WpQR5j26kFKDCxzpg@mail.gmail.com>
 <0C7F986C-B0BC-4315-98ED-B4FD003B9399@gmail.com>
 <CAGa2bXa-6kN1yEbnVzbReLX3qH2gVJ5LTmfR31jOp_GwASbrrA@mail.gmail.com>
 <e14c1e6f-4677-6a87-ef30-e3e627c26270@lsces.co.uk>
 <c08cbbf5-fb27-7c50-3bcc-c89ccfbd6202@rhsoft.net>
 <2a4491b4-e6f5-4297-beec-363f373a93e6@lsces.co.uk>
 <3f8be7b1-0e59-21c6-4fe8-8299b2c05645@rhsoft.net>
 <6ba62d62-f1ab-9e7b-93f0-a1a9238c47a6@lsces.co.uk>
 <CAGa2bXYch8UJ70No=UvqtQ79pKbJ1MRtHN0QLk8kCSV+yhMNbg@mail.gmail.com>
 <f8959d0a-429f-4efc-8682-572680a075fa@lsces.co.uk>
 <E83D7E80-5DC8-49AC-9FA6-D6C1A42ADAE7@gmail.com>
 <0db9cfa3-2b31-ee41-713c-889b7cc06406@lsces.co.uk>
 <E9DCBF61-8B3D-41C3-9D09-61C6CC8810F3@gmail.com>
 <CA+kxMuSuB7xcMYXcsVj4NDZKwBZWq3sbt2h6s9J4QxzOcfCTHg@mail.gmail.com>
 <CAGa2bXZVQPtYi2-MeOmAHXFSwa84ipkAbA7UTYphwhfNjw8QzA@mail.gmail.com>
Message-ID: <1b8b5f0d-ff8a-3820-ebd6-192e1915a97a@lsces.co.uk>
Date: Thu, 7 Sep 2017 09:08:37 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101
 Thunderbird/52.2.1
MIME-Version: 1.0
In-Reply-To: <CAGa2bXZVQPtYi2-MeOmAHXFSwa84ipkAbA7UTYphwhfNjw8QzA@mail.gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Language: en-GB
Content-Transfer-Encoding: 7bit
Subject: Re: [PHP-DEV] A validator module for PHP7
From: lester@lsces.co.uk (Lester Caine)

On 07/09/17 05:26, Yasuo Ohgaki wrote:
> As I wrote in README.md, there are only 3 types of inputs.
> 
>  1. Valid data should accepted.
>  2. Valid data should accepted, but user's mistake. e.g. Logical error like
> your example above.
>  3. Invalid. Anything other than 1 and 2 (i.e. Client cannot send these
> value)
> 
> "validate" module is supposed to take care 3 which is nothing to do with
> models, etc.
> It should validate against input data spec, not logical meaning of the
> input. If programmer did this, single responsibility principle is broken.

BUT you require an accurate 'input data spec' in order to establish what
is not part of '3' and this is the same metadata that is needed to ALSO
define the 'logical checks'. Once you have established that the input
data has a valid set of data you need to VALIDATE that the data is
within the limits defined by the 'input data spec' and those checks ALSO
apply to any subsequent processing of the data set. The 'input data
spec' is important not only to your 'single validation process', but
also to further processing that data prior to producing some sort of
output. ( No mention of databases but in a lot of cases that is where
the key metadata resides? )

My point is that the 'input data spec' is not simply a stand alone array
of data only used by the validator. It is something either created by
other parts of the 'logic' or it is needed to give individual responses
to 'user's mistake' as per '2' ...

I understand that you want to return a 'fail' at the earliest possible
point, and a single step 'validate' meets that need, but the bulk of the
reasons validation should fail is because someone is trying to hack a
site by creating 'user's mistakes' that pass '3' that are not handled
correctly by '2'. I think where the latest offering fails is that it now
requires that any 'custom' validation needs to be written in 'C' while
that same code may be needed as a PHP version as in Dan's example. The
validation processing needs to be ABLE to be iterated through variable
by variable once one has established that there IS a valid set of
variables to work with.

-- 
Lester Caine - G8HFL
-----------------------------
Contact - http://lsces.co.uk/wiki/?page=contact
L.S.Caine Electronic Services - http://lsces.co.uk
EnquirySolve - http://enquirysolve.com/
Model Engineers Digital Workshop - http://medw.co.uk
Rainbow Digital Media - http://rainbowdigitalmedia.co.uk