Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:19993
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Message-ID: <437932CE.80000@zend.com>
Date: Tue, 15 Nov 2005 03:58:54 +0300
User-Agent: Thunderbird 1.5 (X11/20051025)
MIME-Version: 1.0
To: Roman Ivanov <gamblergluck@yahoo.com>
CC: internals@lists.php.net
References: <84.9C.07637.EEB48734@pb1.pair.com> <6A.CC.07637.49C48734@pb1.pair.com> <CC.51.07637.BDD58734@pb1.pair.com>
In-Reply-To: <CC.51.07637.BDD58734@pb1.pair.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [PHP-DEV] Re: results of the PHP6 wishlists
From: antony@zend.com (Antony Dovgal)

On 14.11.2005 12:55, Roman Ivanov wrote:
> wishlist> input filter extension (including some element of user 
> wishlist> control)
> 
> Will it be used _instead_ of $_POST and $_GET? 

An extension instead of the arrays?
You must be missing something...

> Honestly, I'm not so sure 
> it's a good idea to implement it like PECL extension does. Filtering 
> individual variables is, in my opinion, a wrong way to treat user input.

You may filter data recursively, so filtering, for example, _POST or _GET would work fine.

> Besides, is it really necessary to make input filtering a part of the 
> language?

An extension is not a part of the language, you may or may not compile it, while the language is still there.

> It's a very high-level feature, and implementation may vary 
> according to the needs of the developer. Plus, it's perfectly doable in 
> pure PHP. 

Yeah, that's why you can use your own callback for filtering.

> In fact, I would go as far as removing session handling 
> functions from the "core" language too. 

You're late.
Four or three years ago I'd agree with you, but it's too late for that.

-- 
Wbr, 
Antony Dovgal