Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:115107 Return-Path: Delivered-To: mailing list internals@lists.php.net Received: (qmail 62166 invoked from network); 24 Jun 2021 10:15:30 -0000 Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5) by pb1.pair.com with SMTP; 24 Jun 2021 10:15:30 -0000 Received: from php-smtp4.php.net (localhost [127.0.0.1]) by php-smtp4.php.net (Postfix) with ESMTP id 6B60A1804CC for ; Thu, 24 Jun 2021 03:34:14 -0700 (PDT) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,SPF_HELO_NONE, SPF_PASS autolearn=no autolearn_force=no version=3.4.2 X-Spam-Virus: No X-Envelope-From: Received: from mail1.25mail.st (mail1.25mail.st [206.123.115.54]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by php-smtp4.php.net (Postfix) with ESMTPS for ; Thu, 24 Jun 2021 03:34:13 -0700 (PDT) Received: from smtpclient.apple (unknown [49.48.221.121]) by mail1.25mail.st (Postfix) with ESMTPSA id 457CE605BF; Thu, 24 Jun 2021 10:33:56 +0000 (UTC) Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 14.0 \(3654.100.0.2.22\)) In-Reply-To: Date: Thu, 24 Jun 2021 17:33:53 +0700 Cc: Scott Arciszewski , Bruce Weirdan , Craig Francis , Larry Garfield , php internals Content-Transfer-Encoding: quoted-printable Message-ID: <26037CB4-4723-4DC5-BD92-BBDC4F548E17@koalephant.com> References: <03f7955c-69a8-4841-9245-449d7851e207@www.fastmail.com> <95D16F2E-E9DD-4964-A0E2-62E1FB0D976B@koalephant.com> <4DE5E2EC-26D6-4D2C-95A9-B843B440EE87@koalephant.com> To: Kamil Tekiela X-Mailer: Apple Mail (2.3654.100.0.2.22) Subject: Re: [PHP-DEV] [RFC] Name issue - is_literal/is_trusted From: php-lists@koalephant.com (Stephen Reay) > On 24 Jun 2021, at 17:07, Kamil Tekiela wrote: >=20 > Hi Stephen, >=20 > I believe the idea was for dynamically generate table names, or = numbered tables/columns. E.g.=20 >=20 > function getTable(string $table){ > // is_literal check here > } >=20 > $number =3D (int) $_GET['tableno']; > if($number < 0 || $number > 10) { > throw new Exception("Invalid number"); > } >=20 > $tablename =3D 'table_'.$number; > getTable($tablename); >=20 > The number is concatenated to the table name.=20 >=20 > =E2=80=94Kamil Hi Kamil, Thanks for at least trying to answer this question. I=E2=80=99m sure someone somewhere does that and thinks its a good idea. = I respectfully (to you; probably less respectfully to someone if they = tell me they do this) disagree. I don=E2=80=99t think PHP should = necessarily shy away from features because they=E2=80=99re potentially = dangerous, but I also don=E2=80=99t think it should be adding new = features/functions that are more dangerous, just to make some weird (IMO = bad-practice) edge cases easier. I=E2=80=99d suggest if they insist on that bizarre naming pattern, _and_ = want to use a literal string check, they could define an array of string = numbers that represent their table names. $tbls =3D [=E2=80=980=E2=80=99, =E2=80=981=E2=80=99, =E2=80=982=E2=80=99, = =E2=80=983=E2=80=99, =E2=80=984=E2=80=99, =E2=80=985=E2=80=99, ...]; getTable(=E2=80=99table_=E2=80=99 . $tbls[$number]); Cheers Stephen=