Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:95116
Return-Path: <ocramius@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 44683 invoked from network); 13 Aug 2016 13:43:23 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 13 Aug 2016 13:43:23 -0000
Authentication-Results: pb1.pair.com smtp.mail=ocramius@gmail.com; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=ocramius@gmail.com; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 74.125.82.43 as permitted sender)
X-PHP-List-Original-Sender: ocramius@gmail.com
X-Host-Fingerprint: 74.125.82.43 mail-wm0-f43.google.com  
Received: from [74.125.82.43] ([74.125.82.43:35622] helo=mail-wm0-f43.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 44/31-36656-AF32FA75 for <internals@lists.php.net>; Sat, 13 Aug 2016 09:43:22 -0400
Received: by mail-wm0-f43.google.com with SMTP id f65so21395049wmi.0
        for <internals@lists.php.net>; Sat, 13 Aug 2016 06:43:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:in-reply-to:references:from:date:message-id:subject:to
         :cc;
        bh=ZOfT+3fj68EyM2La2KGJs2/fFRrwYQa2MkJyMhOW2Lk=;
        b=kob3FCFd7P1ivmQq3D0tf68sI72LnooW8UmkPddXDMoKN80RgBaOsqoh12gmCOhjU8
         cDHtcWpJ0Az2fdVyue4UzB+vFLOR1cQga7F6IXh1GTZvD99/w5Q543vz/Jo3aOC+EGP6
         kK+pu+GciB8Klg6XAi8tiu5kHQWc00GkJVdTnUpTlADMnJU5Lxr9a0etKHxnLTg/aLiK
         P81JYBV8PFtk1tATMOa1i3Fu4Tv7ApeNBtsYSh6rdzfMr2B8gn9BA/FKUDr7gA1eirOD
         garfOlrP1ize6j34HojqxuTd2+ly6B/lyCk46v6Mzw9cYZMKOZ6j/+lpPjCHnrDuLNs3
         rsGg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20130820;
        h=x-gm-message-state:mime-version:in-reply-to:references:from:date
         :message-id:subject:to:cc;
        bh=ZOfT+3fj68EyM2La2KGJs2/fFRrwYQa2MkJyMhOW2Lk=;
        b=ZF93KosUoIzwSzfENDQAbPu4UQo3S5HGK+cgKRxzsrIhv/ftz7c5y5IvBvILsictmJ
         EhTDjkaoAxumpKLpV16WMrwliuZX+k+rQA/YREYnhmRvUpn8tobu7ZolH4DTunVaE/K8
         t78Zv7+s4O4eJfnCbtS83an+5LNGJ4Mg5RbQwWPLJT/uE9jtEtZGbhmvBXSCUVsALpgI
         87GKgtNv01WpG1T75JiGt+mhC+1vZ4sT7Kh/u0KJVXGejIMjn3joMp0HXTlm7d7enqg+
         BeqAkA8ou/T0ZY9vEw8XJEgj+Cu2oXtb9q2pWqDnZRbUthWQNn7la2/j0AlaNz6w4d13
         H72g==
X-Gm-Message-State: AEkoousIfMvaJIGbjNZI1wizuJxNY5yNWTZGi2ZZbE95f/JMDRwbeMA26uY3rHLJzJTg1U6h1GaJ9TyZzSMb+A==
X-Received: by 10.28.87.3 with SMTP id l3mr3949428wmb.71.1471095799447; Sat,
 13 Aug 2016 06:43:19 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.194.125.242 with HTTP; Sat, 13 Aug 2016 06:43:17 -0700 (PDT)
Received: by 10.194.125.242 with HTTP; Sat, 13 Aug 2016 06:43:17 -0700 (PDT)
In-Reply-To: <E1.B7.55605.EC1EEA75@pb1.pair.com>
References: <10fbcb03-5de8-4d9a-da1c-7e2bf77937cb@lsces.co.uk>
 <CAEYWF=4kkvmp8TCmRhdhzzM-sWpk+-sYE7u2eP1Jf3NkshFiJA@mail.gmail.com>
 <CABdc3WqYeoXoHL-E4adjoZTVr1bs1CHfRaDmoqtmpGW7yREmUA@mail.gmail.com>
 <c76f0716-4881-4aae-2fbd-f1af70fd6114@lsces.co.uk> <CANUQDCjaXeJsCAjyE+q-UhXCFjexwRYWLKzMfwRQVDaEwVbLog@mail.gmail.com>
 <E1.B7.55605.EC1EEA75@pb1.pair.com>
Date: Sat, 13 Aug 2016 15:43:17 +0200
Message-ID: <CADyq6sKZRBvYFtqyKYVYM4iUEx+2OuUJvHeP1jznM56k3+hznA@mail.gmail.com>
To: Tony Marston <TonyMarston@hotmail.com>
Cc: PHP Internals List <internals@lists.php.net>
Content-Type: multipart/alternative; boundary=001a11442a6a8e85f50539f42e39
Subject: Re: [PHP-DEV] Simple variable handling.
From: ocramius@gmail.com (Marco Pivetta)

--001a11442a6a8e85f50539f42e39
Content-Type: text/plain; charset=UTF-8

So much confusion...

There are 3 (or more) types of validation in pretty much every web-app, so
let's please stop calling it simply "validation".

1. frontend validation (unsafe/unreliable), prevents invalid data
submission, makes things friendlier for the user
2. form validation, in the application layer (your mvc framework or your
entry point php script): returns error messages to the client (in HTML or
json or whatever you prefer). It is still not the source of truth
3. domain validation, in the core of your domain logic, throws exceptions
and generally stops execution whenever invalid data is provided: no nice
error messages required, except for logging/debugging purposes

Other than that, the process of validation is a simple function, and not a
magic box:

validate :: value -> (bool, [string])

It receives a value (nested, if necessary) and tells us if it is valid or
not, plus why (as a set of strings, usually).

This is validation. Please do use separate terminology if you mean:
* "frontend (client-side) validation"
* "frontend (server-side) validation"
* "domain validation"

Even more specific if you are going with something different, please.

On 13 Aug 2016 11:01, "Tony Marston" <TonyMarston@hotmail.com> wrote:

> "Niklas Keller"  wrote in message news:CANUQDCjaXeJsCAjyE+q-UhXC
> FjexwRYWLKzMfwRQVDaEwVbLog@mail.gmail.com...
>
>>
>> 2016-08-11 14:42 GMT+02:00 Lester Caine <lester@lsces.co.uk>:
>>
>> On 11/08/16 04:56, Michal Brzuchalski wrote:
>>> > You want to stick such validation at runtime at any time with variable
>>> and
>>> > throwing \TypeError at any time constraint is broken - wouldn't it >
>>> cause
>>> of
>>> > throwing much more unexpected exceptions during runtime?
>>> > Imagine you'll be passing such variable with constraint into some >
>>> object
>>> > who operates on it and it should expect \TypeError at any time because
>>> you
>>> > newer know what sort of constraint and optional validation callback is
>>> > sticked to variable!
>>>
>>> Now this is where the fundamental difference in styles comes in.
>>> PERSONALLY I would not be looking to throw exceptions at all. The whole
>>> point of validation is to handle any validation error ... and it is an
>>> error not an exception.
>>>
>>>
>> If not by using exceptions, how would you handle them if you assign such
>> checks to variables and assign a wrong value?
>>
>> Regards, Niklas
>>
>>
> I agree 100% with Lester. Data validation errors are NOT exceptions, they
> are simple errors. Exceptions are supposed to be for exceptional or
> unexpected events, usually pointing to a bug in the code which needs
> fixing, whereas data validation errors are totally expected and regular
> occurrences.
>
> I solved the data validation problem over a decade ago by writing a simple
> validation function that has two input variables - an associative array of
> field names and their values (such as the $_POST array), and a multi-level
> array of field specifications which has a separate array of specifications
> (type, size, etc) for each field in that table. The output is an array of
> errors which can contain zero or more entries. I DO NOT use exceptions
> because (a) they are errors and not exceptions, and (b) if I throw an
> exception on the first error then further validation is stopped, and
> everyone knows that there may be multiple errors in a single array of
> values.
>
> If you are still writing code to perform such data validation then you are
> behind the times. If you expect the language to perform the validation for
> you then your expectations are unreasonable.
>
> --
> Tony Marston
>
>
>
> --
> PHP Internals - PHP Runtime Development Mailing List
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

--001a11442a6a8e85f50539f42e39--