Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:95178 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 32701 invoked from network); 15 Aug 2016 09:11:09 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 15 Aug 2016 09:11:09 -0000 X-Host-Fingerprint: 80.177.120.119 marston-home.demon.co.uk Received: from [80.177.120.119] ([80.177.120.119:15622] helo=localhost.localdomain) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 5D/6E-36656-C2781B75 for ; Mon, 15 Aug 2016 05:11:08 -0400 Message-ID: <5D.6E.36656.C2781B75@pb1.pair.com> To: internals@lists.php.net References: <10fbcb03-5de8-4d9a-da1c-7e2bf77937cb@lsces.co.uk> In-Reply-To: Date: Mon, 15 Aug 2016 10:11:04 +0100 Lines: 7 MIME-Version: 1.0 Content-Type: text/plain; format=flowed; charset="UTF-8"; reply-type=original Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal Importance: Normal X-Newsreader: Microsoft Windows Live Mail 16.4.3564.1216 X-MimeOLE: Produced By Microsoft MimeOLE V16.4.3564.1216 X-Posted-By: 80.177.120.119 Subject: Re: [PHP-DEV] Simple variable handling. From: TonyMarston@hotmail.com ("Tony Marston") "Lester Caine" wrote in message news:fe222876-6875-3f07-e25b-aea2cbbedfc7@lsces.co.uk... > >On 14/08/16 09:50, Tony Marston wrote: >> If you are still writing code to perform primary validation on each >> field then your coding style is way behind the times. > >At some point you need to know the rules that wrap each field you are >working with. My automatic validation routine has the following method signatures: a) $fieldarray = $valiationObj->validateInsert($fieldarray, $fieldspecs); b) $fieldarray = $valiationObj->validateUpdate($fieldarray, $fieldspecs); $fieldarray is an associative array of 'name=value' pairs, such as supplied in the $_POST array. $fieldspecs is a multi-level array in the form 'name=specs' where 'specs' is an array of specifications for that particular field/column. The specs provide values for type (string, number, date, time, datetime), size, and nullable. Numbers may also have values for minvalue, maxvalue, precision and scale. The operation of each of these two methods is very simple - it iterates through the two arrays and checks that each value matches its specifications. Any error messages are added to the $this->errors array, not thrown as exceptions. The origins of $fieldarray should be obvious. The $fieldspecs array is constructed from data which is originally extracted from the database schema, imported into my Data Dictionary, then exported into a PHP script which is then included when the table's class is instantiated. This means that I never have to write code to perform such validation as my validation routine does everything that is necessary. I can even change the structure of a table without having to change any code - after changing the structure I simply re-import the table into my Data Dictionary and re-export the PHP script. I have been doing it this way for over a decade, so when I see people still writing reams of code for such a common function I just have to question their ability as programmers. Even worse are those who don't have the ability to write a standard validation routine so they want to change the language so that it performs the validation for them. > The sort of forms I work with have individual rules for >probably 90% of them. I'd dropped browser side checks from some site >upgrades simply to speed getting the code over and the old js/flash >solutions are no longer PC, so I'm looking to a new standard to restore >what the sites did 15 years ago! Clients like when the browser says not >valid rather than hving to press submit and wait for the new page ... > >> If you want the language to change to perform this validation for you I >> would strongly suggest that you first learn how to write a standard >> validation function in userland code - which I did over 10 years ago - >> instead of trying to make the language more complicated just to cover up >> your own shortcomings. > >My 'complaint' if anything is that EVERYBODY does that now and there is >no problem with that, EXCEPT every solution has it's own style of >working and coding As validation code has to be written by the developer then of course there will be differences in the code produced by different developers. That is a fact of life. The efficacy of the solution is down to the skill of the individual developer, and it is another fact of life that some developers have more sills than others. > so there is no 'standard' way of passing the key >annotation that all of these systems use. Everything is built around a >set of variables? There are so many different database abstraction >layers even built on top of PDO that people simply hack them to their >own purpose rather than more effort being put into producing a base that >we can all put effort towards improving. And where PHP does not have a >style people like they go off and produce a new language. Data validation should never be performed in the data access layer. It should be performed in the business layer so that only valid data is passed to the data access layer. >I'm not against all of the different styles of working, just looking to >improving the common standards of the base set of variables they are >built on top of. So I have some reason to change the remaining legacy >sites which are just working fine as long as you babysit them. Data validation has to be performed in userland code, so there will never be a "standard" method. Some methods are better than others, and IMHO the method which requires the least amount of effort on the part of the developer is the best method. -- Tony Marston