Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:52648
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Received-SPF: pass (pb1.pair.com: domain priacta.com designates 64.95.72.238 as permitted sender)
To: dukeofgaming <dukeofgaming@gmail.com>, "Ford, Mike"
	<M.Ford@leedsmet.ac.uk>
CC: Etienne Kneuss <colder@php.net>, "internals@lists.php.net"
	<internals@lists.php.net>
Date: Wed, 1 Jun 2011 06:17:08 -0400
Thread-Topic: [PHP-DEV] Re: RFC: Short syntax for Arrays (redux)
Thread-Index: AcwgQW/3Xw4q6JfnTWS10fYrZtC9pQAAFL0w
Message-ID: <A633CF2D7C7BED41B41F1E64F25507B80602209EFC@MAILR001.mail.lan>
References: <CA0AE764.2E07%marcel.esser@croscon.com>
 <BANLkTikzAz_GEdp_n042CfgNMrWWHjWb7g@mail.gmail.com>
 <BANLkTinfH4t=2V=LaRHKKX-NRa5KbpqAZA@mail.gmail.com>
 <BANLkTimAuOHDZmwAaZ8M6hkCGwhwYW4Baw@mail.gmail.com>
 <3158105795AAC1408619EC8BA03384A90A2D1C@EXC-MBX02.leedsmet.ac.uk>
 <BANLkTi=KDLrWRHs8Po8MtpksDZFkGYWfwA@mail.gmail.com>
In-Reply-To: <BANLkTi=KDLrWRHs8Po8MtpksDZFkGYWfwA@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: RE: [PHP-DEV] Re: RFC: Short syntax for Arrays (redux)
From: johncrenshaw@priacta.com (John Crenshaw)

Using an explicit json_decode is actually a huge problem. It isn't just har=
d to write encoded stuff into strings, it is a security issue because you h=
ave to encode the values that you are then encoding into JSON. For example:

json_decode('{a: "a", b: "b", foo: "'.$_POST['foo'].'"}'); // !!! Security =
problem !!! Value injection is possible with a properly formed 'foo' parame=
ter in the post.

To avoid this, you have to do the following:
json_decode('{a: "a", b: "b", foo: '. json_encode($_POST['foo'].'}');

Compare that clunky monstrosity to:
{a: "a", b: "b", foo: $_POST['foo']};

Remember that this syntax is less about constants and more about binding va=
lues into some structure.

As a C++ programmer I whole heartedly agree with the confusion point, but a=
s a PHP developer I don't. Basically every PHP developer is going to be fam=
iliar with JavaScript, because it is also a web language. Go to oDesk.com, =
and you can't find a developer looking for PHP work who doesn't know how to=
 work with jQuery or similar. Browser fragmentation makes jQuery or somethi=
ng similar almost essential for modern web development, and JSON is used ex=
tensively in all of these frameworks. Any PHP developer worth a dime will k=
now exactly what they are looking at.

I agree that [a: 'b'] would be totally wrong. This doesn't look like PHP OR=
 JSON, and is likely to cause confusion. If [a=3D>$b] is the only syntax pe=
ople can agree on, I can live with that, but IMO that syntax will actually =
create MORE confusion than just allowing pure JSON (opinion informed by try=
ing to get new devs up to speed on a project that uses MongoDB.)

John Crenshaw
Priacta, Inc.

-----Original Message-----
From: dukeofgaming [mailto:dukeofgaming@gmail.com]=20
Sent: Wednesday, June 01, 2011 5:51 AM
To: Ford, Mike
Cc: Etienne Kneuss; internals@lists.php.net
Subject: Re: [PHP-DEV] Re: RFC: Short syntax for Arrays (redux)

After that argument, I think I'm against ":" now too. +1 to "=3D>"

Could "{ }" be implemented for objects too then?.

Regards,

David

On Wed, Jun 1, 2011 at 4:36 AM, Ford, Mike <M.Ford@leedsmet.ac.uk> wrote:

> > -----Original Message-----
> > From: ekneuss@gmail.com [mailto:ekneuss@gmail.com] On Behalf Of
> > Etienne Kneuss
> > Sent: 01 June 2011 01:57
> > To: internals@lists.php.net
> > Subject: Re: [PHP-DEV] Re: RFC: Short syntax for Arrays (redux)
> >
> > +1 for a short array syntax.
> >
> > But only if you keep it consistent, PHP has always been using =3D> for
> > key/val association, I don't see any reason to suddenly provide
> > "key":
> > "val", unless what you want is to confuse people.
>
> Hear, hear and hear, hear to that!
>
> ['a': 'b'] just feels completely un-PHP-like, and I'd be totally
> against it.
>
> If the desire is to have a "native" JSON syntax so that you can eval()
> imported JSON, then I'm completely anti that, too -- that's a case
> where I'd far rather be explicit and use json_decode(). And since, no
> matter how you slice it, you're never going to get a complete fit
> between native PHP structures and JSON encoding, I don't believe you
> should even try.
>
> I just can't see the problem with saying: PHP arrays (and maybe
> objects?) look like *this*, and if you want to import/export them
> from/to a JSON representation, there are functions to do it like
> *this*. This seems to be the perfectly sensible approach of other
> languages I've used recently (although my perl is somewhat out-of-date,
> and my python even more out-of-daterer and minimal at that!). Even
> ECMAScript is going down the route of explicit conversion with
> JSON.parse() and JSON.stringify() in ECMAScript 5!
>
> All in all, still +1 for [1, 2=3D>2, 'a'=3D>'b'], and -several million (f=
or
> style) for any syntax involving colons.
>
> Cheers!
>
> Mike
>  --
> Mike Ford,
> Electronic Information Developer, Libraries and Learning Innovation,
> Leeds Metropolitan University, C507 City Campus,
> Portland Way, LEEDS,  LS1 3HE,  United Kingdom
> E: m.ford@leedsmet.ac.uk     T: +44 113 812 4730
>
>
>
>
>
>
> To view the terms under which this email is distributed, please go to
> http://disclaimer.leedsmet.ac.uk/email.htm
>