Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:95083 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 32410 invoked from network); 12 Aug 2016 10:23:56 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 12 Aug 2016 10:23:56 -0000 Authentication-Results: pb1.pair.com smtp.mail=peter.e.lind@gmail.com; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=peter.e.lind@gmail.com; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 74.125.82.43 as permitted sender) X-PHP-List-Original-Sender: peter.e.lind@gmail.com X-Host-Fingerprint: 74.125.82.43 mail-wm0-f43.google.com Received: from [74.125.82.43] ([74.125.82.43:38560] helo=mail-wm0-f43.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 86/1D-56950-BB3ADA75 for ; Fri, 12 Aug 2016 06:23:56 -0400 Received: by mail-wm0-f43.google.com with SMTP id o80so23609461wme.1 for ; Fri, 12 Aug 2016 03:23:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=CjDNye5PjnicfWslzKiFQY7h0w6AKCOpJaeLxeUjZ/4=; b=kuhk6528qCedIVUAfBD3xgIdvIZn6nIpTk8+Yz58RPtWLlYRAEFhc3rfmnRB23m0jE PTLq+Cvj+3JC4UCgSwwEWP+cYoRg+GlRkfhlpoYIC2iNraFHDZZ+4nlGHh4MHIs1cc7R KKYlOAPvl7jJmVfUWcqGU67DPCZOh8m24WDj7YeK9dRZe11lrrRqZehLHVjHAjRgOkNr ZwyL4f9jcO1Ho4CHDFU1GNtS0OQMmrZQ6bGy0ToAstd/XyCGF5aR9bKirUwTGDGw+Xq9 TBGg34OYpSkXhlOcTvmpCbfoMR39BbPaXWusc81Su3FsrqkND+AEV64dzfczpZEi8CNe sopQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=CjDNye5PjnicfWslzKiFQY7h0w6AKCOpJaeLxeUjZ/4=; b=eLsK2thSfchpQB+tR4lzNJEqgLCckMeMZmNGRp1psnswRC3lzkVaa3dNWigfFIgs+n ch6Zdr964KRMGKUKcu7D+SZ+idYsgaeD60uGKiOvV1v97O80Vsy0VC+cwUxjfTo8OnUc /WyX7zyrKSrHNrHWLLVjOBrAPTqRCEwh17o+aSQcQte6IzBz9z0E9lHOWNnsBy0sy3Yt 7C2XJKElQtCiByCxYM+XlvjhnZoUw7lEsYDhLX2V4K3d9iQ8TXPWOnLyOKZM8TjuZCiy hmKVbkn5SvHvfMbyUcbaMjUuhTA5oiz1Iwfb4Uaxe2Hcu+vrHJdIa3EbJNblA6Jz3Wj0 udpg== X-Gm-Message-State: AEkoouvzNVTdOXIL8hRTQF8DOsYDs+/9ig9Rv7ThMBH7SJfVuq1IN7v9EK1ny61gt92ITdypYZ7oTKyR54JNoQ== X-Received: by 10.28.207.132 with SMTP id f126mr2163022wmg.40.1470997432448; Fri, 12 Aug 2016 03:23:52 -0700 (PDT) MIME-Version: 1.0 Received: by 10.194.123.163 with HTTP; Fri, 12 Aug 2016 03:23:31 -0700 (PDT) In-Reply-To: References: <10fbcb03-5de8-4d9a-da1c-7e2bf77937cb@lsces.co.uk> <5657afc7-7569-5fc4-4a5a-27ed786c4fa5@gmail.com> <0825c173-5cb4-7f65-cf34-b45ca30919a3@lsces.co.uk> <8646c3ad-b929-cb0b-bad4-52a0a7160d16@gmail.com> <11ce571b-964b-5a3e-9f2f-3f69a8bc20b4@lsces.co.uk> <7d9db8d5-ae7a-4123-14f4-f76fb6d764c5@gmail.com> <1e14c4b9-65ce-4742-589f-19fe9290be0f@lsces.co.uk> Date: Fri, 12 Aug 2016 12:23:31 +0200 Message-ID: To: Lester Caine Cc: PHP internals Content-Type: multipart/alternative; boundary=94eb2c0d49966d3ab00539dd47d6 Subject: Re: [PHP-DEV] Simple variable handling. From: peter.e.lind@gmail.com (Peter Lind) --94eb2c0d49966d3ab00539dd47d6 Content-Type: text/plain; charset=UTF-8 On 12 August 2016 at 12:13, Lester Caine wrote: > On 12/08/16 10:42, Peter Lind wrote: > > On 12 August 2016 at 11:25, Lester Caine wrote: > > > > Thanks for the ideas on this feature. > > > > A few thoughts. > > 1. The RFC for this isn't a change - it's an addition. If it gets > accepted > > and implemented, you still would not have to change your code if you > didn't > > want to. > I think that is the whole point ... > > You're making different points, so maybe you should then be clearer. > > 2. There are differing ways of using the language. Yours is not better - > > merely different. So I would think a relevant question is: can the RFC in > > point support your style of coding along with that of others. A critical > > point is throwing exceptions on invalid data, which might be hard to > handle. > Exceptions get generated hen something unhandled happens. Simple example > 'divide by zero' only happens if the divisor is zero. If the variable > used has a constraint of 'not zero' and has been validated then the > exception will not be raised. My style would validate the divisor and > only call the divide if it was going to work, others would allow the > divide to fail and MAY actually handle the exception ;) > > That doesn't address the point: if the feature should throw exceptions or not, or allow for both styles. > > 4. I think your suggestions might conflate validation and sanitation - > > these are not the same and cannot be handled as one > That people try to inject malicious input via variables is a different > problem. Firebird database has always preferred parameter data so SQL > injections just don't work, but other stuff does need clearing when > input rather than simply relying on escaping unprocessed output. Again > it's programming sytle? > > No, it's not programming style. Conflating validation and sanitation/escaping is wrong, because the contexts are different. > > That said, I generally think that built-in methods that accept Callables > > are a great way to go. It encourages reuse through modular composition - > > and could likely be a neater way around the throw exception/return error > > code issue. It's obviously doable from userland, but could probably be > > improved if implemented in the language. > > It was the fact that Yasuo was adding these rules into his array > validation stuff that just grates so badly with what is actually needed ... > > > Yasuo was presumably scratching an itch that he (and possibly others) feel. As such, it is in fact "what is actually needed". It just doesn't happen to be what *you* actually need, but that doesn't mean it won't fit perfectly for many others. Regards Peter -- CV: careers.stackoverflow.com/peterlind LinkedIn: plind Twitter: kafe15 --94eb2c0d49966d3ab00539dd47d6--