Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:95176
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Received-SPF: error (pb1.pair.com: domain lsces.co.uk from 217.147.176.230 cause and error)
To: internals@lists.php.net
References: <CAGa2bXarw2jTj0yhXpywWNQOJLR2pdhfaqSdwj_btT2giEL15Q@mail.gmail.com>
 <CAGa2bXadVagTwBzEym9PZROmXu3SKxg=huCAQNK3k1-jZeG_pg@mail.gmail.com>
 <CAGa2bXY-vmEgEFrE0OxQPSx=FKHeHdCayrDXxtTkHUVaJbV+-A@mail.gmail.com>
 <CA+kxMuRiOBQpmTeKqNyV8rX0GKCLrYixi--y5TcYUkdqpT746w@mail.gmail.com>
 <CAGa2bXa78fkZw8gtepmBDu+VDwHW_WiDDv65=zzgLTFqYxF+DA@mail.gmail.com>
 <CADyq6s+Y-OeKEyMus5s7xp9MqY7Fq7udqd5BRwtyGXbYCY1Uag@mail.gmail.com>
 <CADyq6sJuHCrLOoL22MWHv+cfrQQx9z=avswCpDVmnuyBCAchsA@mail.gmail.com>
 <CADyq6sKs=e_1Pc_CCLuThsU-qsvRseQcpx=sWKB_uhWsg=aRmQ@mail.gmail.com>
 <7795ca21-bd70-fe65-9519-af95fdfee33f@gmail.com>
Message-ID: <45ab7fc3-0ffc-62de-bbca-c6cb34d595ae@lsces.co.uk>
Date: Mon, 15 Aug 2016 09:27:11 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101
 Thunderbird/45.2
MIME-Version: 1.0
In-Reply-To: <7795ca21-bd70-fe65-9519-af95fdfee33f@gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Subject: Re: [PHP-DEV] Re: [RFC][VOTE] Add validation functions to filter
 module
From: lester@lsces.co.uk (Lester Caine)

On 15/08/16 06:17, Stanislav Malyshev wrote:
>> There is misunderstanding on this.
>> > As I wrote explicitly in the RFC, input validation and user input
>> > mistakes must be handled differently.
>> > 
>> > "The input validation (or think it as assertion or requirement) error"
>> > that this RFC is dealing, is should never happen conditions (or think
>> > it as contract should never fail).

> This is what I'm not sure I understand - when this approach would be
> used? I.e. if I get data from the user, I surely can not claim I can
> impose any conditions on the data that would never fail. Is it assumed
> I'd pre-filter the data before passing it to this filter?

Keeping things simple ...
I like your nice flowchart ... BUT

Input logic is a LOT more complex than that. I need to be able to use
the rule set that you are hiding in the filter to CREATE the page that
your little man is looking at. Those rules create the browser side
validation everybody seems to think is pointless, but is essential in
modern web apps? Those rules may well flag that if some 'variable'
already exists browser side actions can amend the workflow and load the
selected data. At the very least input validation once the input array
reaches the server may require different rules based on some of the
responses, and 'business logic' requires 'sanitized' variables to carry
out that process. Sanitation that may vary depending on the workflow.

Basically the simplistic view that everything can be reduced to a fixed
single chain is not what happens in reality. The output array to amend
the stored data WILL have a different set of variables depending on the
route through, so any filter needs to be able to be built from the set
of rules that the variables define. And in my own storage process, the
set of variables being stored are individual records in table who's
wrapping transaction must complete or roll back and add new failure
flags to the set of variables before deciding what to return to the user
screen. You can not assume your output process will complete without
errors and those errors will amend the rest of the chain.

-- 
Lester Caine - G8HFL
-----------------------------
Contact - http://lsces.co.uk/wiki/?page=contact
L.S.Caine Electronic Services - http://lsces.co.uk
EnquirySolve - http://enquirysolve.com/
Model Engineers Digital Workshop - http://medw.co.uk
Rainbow Digital Media - http://rainbowdigitalmedia.co.uk