Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:95185
Return-Path: <TonyMarston@hotmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 47725 invoked from network); 15 Aug 2016 11:00:17 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 15 Aug 2016 11:00:17 -0000
X-Host-Fingerprint: 80.177.120.119 marston-home.demon.co.uk  
Received: from [80.177.120.119] ([80.177.120.119:24747] helo=localhost.localdomain)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 90/51-36656-0C0A1B75 for <internals@lists.php.net>; Mon, 15 Aug 2016 07:00:17 -0400
Message-ID: <90.51.36656.0C0A1B75@pb1.pair.com>
To: internals@lists.php.net
References: <CAGa2bXarw2jTj0yhXpywWNQOJLR2pdhfaqSdwj_btT2giEL15Q@mail.gmail.com> <CAGa2bXadVagTwBzEym9PZROmXu3SKxg=huCAQNK3k1-jZeG_pg@mail.gmail.com> <CAGa2bXY-vmEgEFrE0OxQPSx=FKHeHdCayrDXxtTkHUVaJbV+-A@mail.gmail.com> <CA+kxMuRiOBQpmTeKqNyV8rX0GKCLrYixi--y5TcYUkdqpT746w@mail.gmail.com>
In-Reply-To: <CA+kxMuRiOBQpmTeKqNyV8rX0GKCLrYixi--y5TcYUkdqpT746w@mail.gmail.com>
Date: Mon, 15 Aug 2016 12:00:13 +0100
Lines: 1
MIME-Version: 1.0
Content-Type: text/plain;
	format=flowed;
	charset="UTF-8";
	reply-type=original
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
Importance: Normal
X-Newsreader: Microsoft Windows Live Mail 16.4.3564.1216
X-MimeOLE: Produced By Microsoft MimeOLE V16.4.3564.1216
X-Posted-By: 80.177.120.119
Subject: Re: [PHP-DEV] Re: [RFC][VOTE] Add validation functions to filter module
From: TonyMarston@hotmail.com ("Tony Marston")

"Dan Ackroyd"  wrote in message 
news:CA+kxMuRiOBQpmTeKqNyV8rX0GKCLrYixi--y5TcYUkdqpT746w@mail.gmail.com...
>
>Hi Yasuo,
>
>On 15 August 2016 at 01:53, Yasuo Ohgaki <yohgaki@ohgaki.net> wrote:
>
>> One more usual request.
>> Please describe reason(s) why you object proposal.
>
>
>I'm not entirely sure why you ask for reasons when people vote no. The
>reasons are almost always the same as the reasons given before the
>voting starts.
>
>But for posterity:
>
>i) Validation error messages need to specify what is wrong.....which
>is bespoke to the application. Which is a reason why validation code
>belongs in userland.

I agree 100%

>ii) Validation error message need to be in the correct language for an
>application. It is not a good approach for people to be trying to
>match strings emitted by internal code and trying to convert them to
>the correct language.

I agree 100%

>iii) The argument that it needs to be fast could be applied to
>anything and everything, and so is bogus. The RFC doesn't even show
>that userland implementations are slow enought to be a concern.
>
>iv) The RFC makes an assumption that programs should exit when validation 
>fails.
>
>"Input data validation should accept only valid and possible inputs.
>If not, reject it and terminate program."

I DISagree 100%. Validation errors should NEVER terminate the program, they 
should continue by displaying all the error messages to the user so that 
he/she can correct his/her mistake and try the operation again.

>and the code example:
>
>> catch (FilterValidateException $e) {
>>    var_dump($e->getMessage());
>>    die('Invalid input detected!'); // Should terminate execution when 
>> input validation fails
>> }
>
>This assumption is bogus.
>
>Any program that accepts data from users should provide useful error
>messages when the data is wrong with someting as simple as a string
>being too long.

I agree 100%

>v) I don't like the current filter functions, and recommend people
>avoid using them. Adding to them with an even harder to use API is the
>wrong way to go.

I agree 100%

-- 
Tony Marston