Hi guys,
the topic says most of it. What do you think about deprecating the
global keyword and $GLOBALS with it? Together with this making
$_REQUEST, $_GET and $_POST read-only as they should be used only to
read-only anyway.
The reason for global + GLOBALS is that these are abused and which leads
to spaghetti programs, when used by unexperienced users. Also they have
impact on side effects from functions that don't only rely their parameters.
Best,
Andrey
Please do not
global + GLOBALS can be used in so many ways and you would break
200.000 LOC only here which is running with reporting E_STRICT
in a production environment
The same for making $_GET/$_POST/$_REQUEST readonly
I know that it is not best practice, but sometimes
it makes life easier to fetch $_POST in a method
which overwrites a parent method and add a single
item before the parent is processing $_POST
Yes, there are many other ways to do the same but
BC-breaking trigger a lot of work and testing
Am 09.12.2010 11:14, schrieb Andrey Hristov:
Hi guys,
the topic says most of it. What do you think about deprecating the global keyword and $GLOBALS with it? Together
with this making $_REQUEST, $_GET and $_POST read-only as they should be used only to read-only anyway.The reason for global + GLOBALS is that these are abused and which leads to spaghetti programs, when used by
unexperienced users. Also they have impact on side effects from functions that don't only rely their parameters.Best,
Andrey
--
Mit besten Grüßen, Reindl Harald
the lounge interactive design GmbH
A-1060 Vienna, Hofmühlgasse 17
CTO / software-development / cms-solutions
p: +43 (1) 595 3999 33, m: +43 (676) 40 221 40
icq: 154546673, http://www.thelounge.net/
Reindl Harald wrote:
Please do not
global + GLOBALS can be used in so many ways and you would break
200.000 LOC only here which is running with reportingE_STRICT
in a production environment
what happened after register_globals was introduced and registering of
globals was switched off?
The same for making $_GET/$_POST/$_REQUEST readonly
I know that it is not best practice, but sometimes
it makes life easier to fetch $_POST in a method
which overwrites a parent method and add a single
item before the parent is processing $_POST
It's bad practice.
Yes, there are many other ways to do the same but
BC-breaking trigger a lot of work and testingAm 09.12.2010 11:14, schrieb Andrey Hristov:
Hi guys,
the topic says most of it. What do you think about deprecating the global keyword and $GLOBALS with it? Together
with this making $_REQUEST, $_GET and $_POST read-only as they should be used only to read-only anyway.The reason for global + GLOBALS is that these are abused and which leads to spaghetti programs, when used by
unexperienced users. Also they have impact on side effects from functions that don't only rely their parameters.Best,
Andrey
Best,
Andrey
2010/12/9 Andrey Hristov php@hristov.com
Reindl Harald wrote:
Please do not
global + GLOBALS can be used in so many ways and you would break
200.000 LOC only here which is running with reportingE_STRICT
in a production environmentwhat happened after register_globals was introduced and registering of
globals was switched off?The same for making $_GET/$_POST/$_REQUEST readonly
I know that it is not best practice, but sometimes
it makes life easier to fetch $_POST in a method
which overwrites a parent method and add a single
item before the parent is processing $_POSTIt's bad practice.
Yes, there are many other ways to do the same but
BC-breaking trigger a lot of work and testing
Am 09.12.2010 11:14, schrieb Andrey Hristov:
Hi guys,
the topic says most of it. What do you think about deprecating the global
keyword and $GLOBALS with it? Together
with this making $_REQUEST, $_GET and $_POST read-only as they should be
used only to read-only anyway.The reason for global + GLOBALS is that these are abused and which leads
to spaghetti programs, when used by
unexperienced users. Also they have impact on side effects from functions
that don't only rely their parameters.Best,
AndreyBest,
Andrey--
Is copying the POST variables into another variables best practice (like a
manual register_globals)? In the global scope of the application I think
it's cleaner to work with $_POST to overwrite the values than copying the
items into variables. Inside a function/method, I agree that it's best
practice to pass $_POST as a parameter and then overwrite the values as you
need.
Regards,
Eloy Bote Falcon.
Eloy Bote Falcon wrote:
2010/12/9 Andrey Hristov php@hristov.com
Reindl Harald wrote:
Please do not
global + GLOBALS can be used in so many ways and you would break
200.000 LOC only here which is running with reportingE_STRICT
in a production environmentwhat happened after register_globals was introduced and registering of
globals was switched off?The same for making $_GET/$_POST/$_REQUEST readonly
I know that it is not best practice, but sometimes
it makes life easier to fetch $_POST in a method
which overwrites a parent method and add a single
item before the parent is processing $_POSTIt's bad practice.
Yes, there are many other ways to do the same but
BC-breaking trigger a lot of work and testing
Am 09.12.2010 11:14, schrieb Andrey Hristov:
Hi guys,
the topic says most of it. What do you think about deprecating the global
keyword and $GLOBALS with it? Together
with this making $_REQUEST, $_GET and $_POST read-only as they should be
used only to read-only anyway.The reason for global + GLOBALS is that these are abused and which leads
to spaghetti programs, when used by
unexperienced users. Also they have impact on side effects from functions
that don't only rely their parameters.Best,
AndreyBest,
Andrey--
Is copying the POST variables into another variables best practice (like a
manual register_globals)? In the global scope of the application I think
it's cleaner to work with $_POST to overwrite the values than copying the
items into variables. Inside a function/method, I agree that it's best
practice to pass $_POST as a parameter and then overwrite the values as you
need.
$_POST is POST, incoming variables, everything else is a hack. If you
expect that the variable might change then copy it, at least someone
this will signal that the value might have been changed somewhere.
Regards,
Eloy Bote Falcon.
Best,
Andrey
Is copying the POST variables into another variables best practice (like a
manual register_globals)? In the global scope of the application I think
it's cleaner to work with $_POST to overwrite the values than copying the
items into variables. Inside a function/method, I agree that it's best
practice to pass $_POST as a parameter and then overwrite the values as you
need.$_POST is POST, incoming variables, everything else is a hack. If you
expect that the variable might change then copy it, at least someone
this will signal that the value might have been changed somewhere.
What is the real difference between operating on $_POST directly
and some other copy of it ? Not everyone writes huge, complicated scripts
written by many different people.
--
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT Lecturer.
+44 (0) 787 668 0256 http://www.phcomp.co.uk/
Parliament Hill Computers Ltd. Registration Information: http://www.phcomp.co.uk/contact.php
#include <std_disclaimer.h
Alain Williams wrote:
Is copying the POST variables into another variables best practice (like a
manual register_globals)? In the global scope of the application I think
it's cleaner to work with $_POST to overwrite the values than copying the
items into variables. Inside a function/method, I agree that it's best
practice to pass $_POST as a parameter and then overwrite the values as you
need.
$_POST is POST, incoming variables, everything else is a hack. If you
expect that the variable might change then copy it, at least someone
this will signal that the value might have been changed somewhere.What is the real difference between operating on $_POST directly
and some other copy of it ? Not everyone writes huge, complicated scripts
written by many different people.
conceptual. If it is a copy it means something was changed, right?
Andrey
+1 million because GLOBAL scope is horrid (generally) and is thoroughly abused
-1 million because it will be the most horrific BC break since time began and I imagine it will break so much code that is currently in the wild...
In short I like it but I'm not sure how it would ever get implemented without breaking stuff... (this is where the clever core developers can propose some easy method I can't think of right now)
-----Original Message-----
From: Andrey Hristov [mailto:php@hristov.com]
Sent: 09 December 2010 10:14
To: PHP Internals List
Subject: [PHP-DEV] Deprecating "global" + $GLOBALS, making $_REQUEST, $_GET, $_POST read-only
Hi guys,
the topic says most of it. What do you think about deprecating the
global keyword and $GLOBALS with it? Together with this making
$_REQUEST, $_GET and $_POST read-only as they should be used only to
read-only anyway.
The reason for global + GLOBALS is that these are abused and which leads
to spaghetti programs, when used by unexperienced users. Also they have
impact on side effects from functions that don't only rely their parameters.
Best,
Andrey
James Butler wrote:
+1 million because GLOBAL scope is horrid (generally) and is thoroughly abused
-1 million because it will be the most horrific BC break since time began and I imagine it will break so much code that is currently in the wild...
how hard it will be to grep for "global" and $GLOBALS?
In short I like it but I'm not sure how it would ever get implemented without breaking stuff... (this is where the clever core developers can propose some easy method I can't think of right now)
INI variable, like register_globals
-----Original Message-----
From: Andrey Hristov [mailto:php@hristov.com]
Sent: 09 December 2010 10:14
To: PHP Internals List
Subject: [PHP-DEV] Deprecating "global" + $GLOBALS, making $_REQUEST, $_GET, $_POST read-onlyHi guys,
the topic says most of it. What do you think about deprecating the
global keyword and $GLOBALS with it? Together with this making
$_REQUEST, $_GET and $_POST read-only as they should be used only to
read-only anyway.The reason for global + GLOBALS is that these are abused and which leads
to spaghetti programs, when used by unexperienced users. Also they have
impact on side effects from functions that don't only rely their parameters.Best,
Andrey
Best,
Andrey
the topic says most of it. What do you think about deprecating the global
keyword and $GLOBALS with it? Together with this making $_REQUEST, $_GET and
$_POST read-only as they should be used only to read-only anyway.
No thanks.
Derick
--
http://derickrethans.nl | http://xdebug.org
Like Xdebug? Consider a donation: http://xdebug.org/donate.php
twitter: @derickr and @xdebug
Derick Rethans wrote:
the topic says most of it. What do you think about deprecating the global
keyword and $GLOBALS with it? Together with this making $_REQUEST, $_GET and
$_POST read-only as they should be used only to read-only anyway.No thanks.
Any reasons?
Derick
Andrey
hi,
As far as I remember we discussed that already back to the php<I don't
mention it> discussions. It was not accepted because of the little
gains in regard to the major BC breaks.
However I would prefer, as far as it is technically possible,
deprecate their usage (notices/warnings) and promote filter usage
instead. The filter API can also be improved to match what we can find
in other platform (perl's cgi module for example is quite good) and
make the input data processing even more user-friendly.
Cheers,
Hi guys,
the topic says most of it. What do you think about deprecating the global
keyword and $GLOBALS with it? Together with this making $_REQUEST, $_GET and
$_POST read-only as they should be used only to read-only anyway.The reason for global + GLOBALS is that these are abused and which leads to
spaghetti programs, when used by unexperienced users. Also they have impact
on side effects from functions that don't only rely their parameters.Best,
Andrey--
--
Pierre
@pierrejoye | http://blog.thepimp.net | http://www.libgd.org
hi,
As far as I remember we discussed that already back to the php<I don't
mention it> discussions. It was not accepted because of the little
gains in regard to the major BC breaks.However I would prefer, as far as it is technically possible,
deprecate their usage (notices/warnings) and promote filter usage
instead. The filter API can also be improved to match what we can find
in other platform (perl's cgi module for example is quite good) and
make the input data processing even more user-friendly.Cheers,
yeah, to throw in something:
I like the Safe levels and the tainted support in ruby:
http://www.ruby-doc.org/docs/ProgrammingRuby/html/taint.html
http://www.ruby-doc.org/docs/ProgrammingRuby/html/taint.htmland I like the
idea that Inspekt provides:
http://funkatron.github.com/inspekt/
http://funkatron.github.com/inspekt/
"Inspekt acts as a firewall API between user input and the rest of the
application. It takes PHP superglobal arrays, encapsulates their data in an
"cage" object, and destroys the original superglobal. Data can then be
retrieved from the input data object using a variety of accessor methods
that apply filtering, or the data can be checked against validation methods.
Raw data can only be accessed via a 'getRaw()' method, forcing the developer
to show clear intent."
I like the explicitness of the filtering, but I think that we should allow
the developers to decide whether to use it or not.
Tyrael
hi,
As far as I remember we discussed that already back to the php<I don't
mention it> discussions. It was not accepted because of the little
gains in regard to the major BC breaks.However I would prefer, as far as it is technically possible,
deprecate their usage (notices/warnings) and promote filter usage
instead. The filter API can also be improved to match what we can find
in other platform (perl's cgi module for example is quite good) and
make the input data processing even more user-friendly.Cheers,
yeah, to throw in something:
I like the Safe levels and the tainted support in ruby:
http://www.ruby-doc.org/docs/ProgrammingRuby/html/taint.htmlhttp://www.ruby-doc.org/docs/ProgrammingRuby/html/taint.htmland I like the
idea that Inspekt provides:
http://funkatron.github.com/inspekt/
http://funkatron.github.com/inspekt/
"Inspekt acts as a firewall API between user input and the rest of the
application. It takes PHP superglobal arrays, encapsulates their data in an
"cage" object, and destroys the original superglobal. Data can then be
retrieved from the input data object using a variety of accessor methods
that apply filtering, or the data can be checked against validation methods.
Raw data can only be accessed via a 'getRaw()' method, forcing the developer
to show clear intent."I like the explicitness of the filtering, but I think that we should allow
the developers to decide whether to use it or not.
You just described exactly how the filter extension works when you enable a default filter.
-Rasmus
Hi guys,
the topic says most of it. What do you think about deprecating the global
keyword and $GLOBALS with it? Together with this making $_REQUEST, $_GET and
$_POST read-only as they should be used only to read-only anyway.The reason for global + GLOBALS is that these are abused and which leads to
spaghetti programs, when used by unexperienced users. Also they have impact
on side effects from functions that don't only rely their parameters.Best,
Andrey
Please next time write an rfc before starting a thread like this.
I'm pretty much against the idea.
That would be the most dramatic change in the language in the history of
php.
The register_globals is/was a much bigger problem/bad practice and it take
10 years to remove it(we are almost there...).
And to fix the applications, one would either completely restructure all of
the functions/methods to pass all of the required data from the global
scope, or they would do the easy way: export all of the global variables
into a singleton registry.
From a Framework point of view, they should save all of the (super)global
variables from the global scope, because the frameworks doesn't use/run code
in the global scope except the bootstrap, so they couldn't access that
either, but they won't know what the developer who uses the framework want's
to access from the global scope.
And what about global constants? They are also screwing up the Dependency
Injection, and the static functions/properties, and the singletons also.
Should we ban those?
Tyrael
Ferenc Kovacs wrote:
On Thu, Dec 9, 2010 at 11:14 AM, Andrey Hristov <php@hristov.com
mailto:php@hristov.com> wrote:Â Hi guys, the topic says most of it. What do you think about deprecating the global keyword and $GLOBALS with it? Together with this making $_REQUEST, $_GET and $_POST read-only as they should be used only to read-only anyway. The reason for global + GLOBALS is that these are abused and which leads to spaghetti programs, when used by unexperienced users. Also they have impact on side effects from functions that don't only rely their parameters. Best, AndreyPlease next time write an rfc before starting a thread like this.
a RFC can crystalize from this thread.
I'm pretty much against the idea.
That would be the most dramatic change in the language in the history of
php.
pretty dramatic change was the change to the object model between 4 and
- Dropping the usage of references, dropping of exchange of $this. And
also register_globals. register_globals was harder to fix, because you
can't just grep and find what variables you need from the URLs.
Situation is different with $GLOBALS and "global", as a single grep can
show you whether an application needs change or not.
The register_globals is/was a much bigger problem/bad practice and it
take 10 years to remove it(we are almost there...).
And to fix the applications, one would either completely restructure all
of the functions/methods to pass all of the required data from the
global scope, or they would do the easy way: export all of the global
variables into a singleton registry.
I am not against global variables, I'm against usage of $GLOBALS and
"global".
From a Framework point of view, they should save all of the
(super)global variables from the global scope, because the frameworks
doesn't use/run code in the global scope except the bootstrap, so they
couldn't access that either, but they won't know what the developer who
uses the framework want's to access from the global scope.
And what about global constants? They are also screwing up the
Dependency Injection, and the static functions/properties, and the
 singletons also.  Should we ban those?
no, you got me wrong. I will repeat - global variables won't cease to
exist, but $GLOBALS and "global" as means to access them should be
removed. If a function needs data it should get it passed to it.
Tyrael
Andrey
no, you got me wrong. I will repeat - global variables won't cease to
exist, but $GLOBALS and "global" as means to access them should be
removed. If a function needs data it should get it passed to it.
By & large yes, but in small/medium scripts it can be really useful
to have things like a globally scoped $dbh - so it doesn't clutter up
function calls. Yes: if the script grows to the point where it needs
more than one database handle then the script will need to be refactored,
but for huge numbers of scripts that will never be the case.
If you ban global variables people will just bung the values into
$_SESSION to get the same effect -- that would be even worse!
--
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT Lecturer.
+44 (0) 787 668 0256 http://www.phcomp.co.uk/
Parliament Hill Computers Ltd. Registration Information: http://www.phcomp.co.uk/contact.php
#include <std_disclaimer.h
Andrey Hristov wrote:
I am not against global variables, I'm against usage of $GLOBALS and
"global".
So how do you support global variables by banning the two ways they can
be accessed?
-1
From a Framework point of view, they should save all of the
(super)global variables from the global scope, because the frameworks
doesn't use/run code in the global scope except the bootstrap, so
they couldn't access that either, but they won't know what the
developer who uses the framework want's to access from the global scope.
And what about global constants? They are also screwing up the
Dependency Injection, and the static functions/properties, and the Â
singletons also. Â Should we ban those?no, you got me wrong. I will repeat - global variables won't cease to
exist, but $GLOBALS and "global" as means to access them should be
removed. If a function needs data it should get it passed to it.
That's like trying to forbid TSRMLS_FETCH() in php source saying "just
use TSRMLS_DC instead". Sure it is a nice goal but
a) That's not always feasible [without rewriting an insane amount of code]
b) It's not a restriction that should be imposed by the language.
Ángel González wrote:
Andrey Hristov wrote:
I am not against global variables, I'm against usage of $GLOBALS and
"global".So how do you support global variables by banning the two ways they can
be accessed?
very easy, by using them by name. Global variables are those outside of
a classes, methods and functions.
-1
From a Framework point of view, they should save all of the
(super)global variables from the global scope, because the frameworks
doesn't use/run code in the global scope except the bootstrap, so
they couldn't access that either, but they won't know what the
developer who uses the framework want's to access from the global scope.
And what about global constants? They are also screwing up the
Dependency Injection, and the static functions/properties, and the Â
singletons also. Â Should we ban those?
no, you got me wrong. I will repeat - global variables won't cease to
exist, but $GLOBALS and "global" as means to access them should be
removed. If a function needs data it should get it passed to it.That's like trying to forbid TSRMLS_FETCH() in php source saying "just
use TSRMLS_DC instead". Sure it is a nice goal but
a) That's not always feasible [without rewriting an insane amount of code]
b) It's not a restriction that should be imposed by the language.
And in all possible places TSRMLS_FETCH() is being thrown out and
replaced with TSRMLS_DC. You can check the commits to see this. If all
functions were getting the ID of the thread context one could have have
different than 1:1 mapping of request and OS threads - check the thread
scheduler of MySQL 5.1 and 5.5.
Andrey
Andrey Hristov wrote:
Ángel González wrote:
So how do you support global variables by banning the two ways they can
be accessed?very easy, by using them by name. Global variables are those outside
of a classes, methods and functions.
If they can only be used outside functions they would be more restricted
that eg. class variables.
That's like trying to forbid TSRMLS_FETCH() in php source saying "just
use TSRMLS_DC instead". Sure it is a nice goal but
a) That's not always feasible [without rewriting an insane amount of
code]
b) It's not a restriction that should be imposed by the language.And in all possible places TSRMLS_FETCH() is being thrown out and
replaced with TSRMLS_DC. You can check the commits to see this. If all
functions were getting the ID of the thread context one could have
have different than 1:1 mapping of request and OS threads - check the
thread scheduler of MySQL 5.1 and 5.5.Andrey
As I said, that's a fine goal. There are more than 400 calls to
TSRMLS_FETCH() in the release tarball. Not all of them can be changed
with a TSRMLS_DC. Furthermore, the php project would be unhappy and
broken if one of the supported OS decided to remove all kinds of thread
local storage support (even thread ids!), on the basis of "being a bad
design".
Ángel González wrote:
Andrey Hristov wrote:
Ãngel González wrote:
So how do you support global variables by banning the two ways they can
be accessed?
very easy, by using them by name. Global variables are those outside
of a classes, methods and functions.
If they can only be used outside functions they would be more restricted
that eg. class variables.That's like trying to forbid TSRMLS_FETCH() in php source saying "just
use TSRMLS_DC instead". Sure it is a nice goal but
a) That's not always feasible [without rewriting an insane amount of
code]
b) It's not a restriction that should be imposed by the language.And in all possible places TSRMLS_FETCH() is being thrown out and
replaced with TSRMLS_DC. You can check the commits to see this. If all
functions were getting the ID of the thread context one could have
have different than 1:1 mapping of request and OS threads - check the
thread scheduler of MySQL 5.1 and 5.5.Andrey
As I said, that's a fine goal. There are more than 400 calls to
TSRMLS_FETCH() in the release tarball. Not all of them can be changed
with a TSRMLS_DC. Furthermore, the php project would be unhappy and
broken if one of the supported OS decided to remove all kinds of thread
local storage support (even thread ids!), on the basis of "being a bad
design".
interesting comparison of global variables with local data (thread local
storage)
Andrey
And what about global constants? They are also screwing up the Dependency
Injection, and the static functions/properties, and the singletons also.
Should we ban those?
You got right to the point. It's no use removing this support if the
same global state can easily be achieved in other ways, like
singletons and statics, and break thousands of applications: then you
would simply choose a different programming language.
--
Giorgio Sironi
Piccolo Principe & Web Engineer
http://giorgiosironi.blogspot.com
http://twitter.com/giorgiosironi
On removing globals / $GLOBALS, erm, -1 to that. Just too much legacy code
needs this to work as is.
On making $_POST, $_REQUEST, $_GET et al read only, again -1 for the same
reason. However, I understand the sentiment and it brings up this idea...
What about a new superglobal, $_INPUT, that is read only.
Further its topmost structure could go something like this --
$_INPUT = array (
'POST' => array(), // The post request vars
'COOKIE' => array(), // Cookies
'GET' => array(), // Get request vars
'HEADERS' => array(), // Inbound HTTP headers, the stuff that right now is
misleadingly in $_SERVER['HTTP...']
'FILES' => array(), // Uploaded file information.
);
Since $_INPUT would be read only from inception nothing can break because it
can't be written to. At an INI level the option to turn off the legacy
superglobals it replaces might be added, but that's a separate issue.
Since $_INPUT would be read only from inception nothing can break because it
can't be written to. At an INI level the option to turn off the legacy
superglobals it replaces might be added, but that's a separate issue.
The filter extension already provides read-only ways for accessing
request data. Abusing a variable and adding new semantics there is
nogood thing. (Especially thinking aobut the complications in regards to
references .. $a = &$_INPUT['POST']['bar']; $a = 23; etc.)
johannes
Hi guys,
the topic says most of it. What do you think about deprecating the global
keyword and $GLOBALS with it? Together with this making $_REQUEST, $_GET and
$_POST read-only as they should be used only to read-only anyway.
I do not believe that making these read-only is going to yield any
performance benefits and
the chances of this breaking many scripts is quite large.
-1
Ilia
-----Original Message-----
From: Ilia Alshanetsky [mailto:ilia@prohost.org]
Hi guys,
the topic says most of it. What do you think about deprecating the global
keyword and $GLOBALS with it? Together with this making $_REQUEST, $_GET and
$_POST read-only as they should be used only to read-only anyway.
I do not believe that making these read-only is going to yield any
performance benefits and
the chances of this breaking many scripts is quite large.
-1
Ilia
One other potential negative...
By making them read only, are you removing the ability to scrub/delete them? Surely this is bad point?
J
the topic says most of it. What do you think about deprecating the global
keyword and $GLOBALS with it? Together with this making $_REQUEST, $_GET and
$_POST read-only as they should be used only to read-only anyway.
-1 here. No question that if you were developing a new language with
similar design goals to PHP (but learning from the missteps), you'd
probably make the superglobal analogues read only and skip the idea of
$GLOBALS altogether, but there's just too much code out there that
relies on these "features" working.
Adam
Adam Harvey wrote:
the topic says most of it. What do you think about deprecating the global
keyword and $GLOBALS with it? Together with this making $_REQUEST, $_GET and
$_POST read-only as they should be used only to read-only anyway.-1 here. No question that if you were developing a new language with
similar design goals to PHP (but learning from the missteps), you'd
probably make the superglobal analogues read only and skip the idea of
$GLOBALS altogether, but there's just too much code out there that
relies on these "features" working.
There were many apps which relied on register_globals but
register_globals was introduced.
There were many apps which relied on references in PHP4, but the object
model changed in 5, references too.
There are apps which rely on magic_quotes, but magic quotes are deprecated.
When some feature is changed or deprecated there will always be
applications that need to change.
Adam
Andrey
There were many apps which relied on register_globals but
register_globals was introduced.
There were many apps which relied on references in PHP4, but the object
model changed in 5, references too.
There are apps which rely on magic_quotes, but magic quotes are deprecated.
When some feature is changed or deprecated there will always be
applications that need to change.
Andrey, you have posted 9 messages on this in the past 3 hours. We have
heard you. You don't need to keep saying the same thing over and over.
And for the record, I strongly disagree with changing this.
-Rasmus
Rasmus Lerdorf wrote:
Andrey, you have posted 9 messages on this in the past 3 hours. We have
heard you. You don't need to keep saying the same thing over and over.And for the record, I strongly disagree with changing this.
As someone who always seems to be doing things the wrong way, simply processing
the $_REQUEST, killing anything that I don't like and adding the missing
elements is how my whole codebase works. Duplicating it does not make sense when
there are some complex elements in the posted form!
--
Lester Caine - G8HFL
Contact - http://lsces.co.uk/wiki/?page=contact
L.S.Caine Electronic Services - http://lsces.co.uk
EnquirySolve - http://enquirysolve.com/
Model Engineers Digital Workshop - http://medw.co.uk//
Firebird - http://www.firebirdsql.org/index.php
Am 09.12.2010 13:46, schrieb Andrey Hristov:
There were many apps which relied on register_globals but register_globals was introduced.
There were many apps which relied on references in PHP4, but the object model changed in 5, references too.
There are apps which rely on magic_quotes, but magic quotes are deprecated.
When some feature is changed or deprecated there will always be applications that need to change.
that is not a valid reason for bc-breaking
if you do not want $GLOBALS in your functions do not
use them but do not force bc-breaks which are hurting
others without any sense
Reindl Harald wrote:
Am 09.12.2010 13:46, schrieb Andrey Hristov:
There were many apps which relied on register_globals but register_globals was introduced.
There were many apps which relied on references in PHP4, but the object model changed in 5, references too.
There are apps which rely on magic_quotes, but magic quotes are deprecated.
When some feature is changed or deprecated there will always be applications that need to change.that is not a valid reason for bc-breaking
if you do not want $GLOBALS in your functions do not
use them but do not force bc-breaks which are hurting
others without any sense
one day you might have to support globalized applications and I am sure
you will feel very enlightened to fix them :)
Andrey
Am 09.12.2010 17:19, schrieb Andrey Hristov:
one day you might have to support globalized applications and I am sure
you will feel very enlightened to fix them :)
This is my problem and not yours
There are thousands of scripts that are not big applications
and running well, are secure and clear designed and simply
working since years
So why in the world would you like to kill them braindead without
any valid reason, and "i do not like something" is not a valid
reason because nobody forces you to use such things in your
scripts
--
Mit besten Grüßen, Reindl Harald
the lounge interactive design GmbH
A-1060 Vienna, Hofmühlgasse 17
CTO / software-development / cms-solutions
p: +43 (1) 595 3999 33, m: +43 (676) 40 221 40
icq: 154546673, http://www.thelounge.net/
Reindl Harald wrote:
Am 09.12.2010 17:19, schrieb Andrey Hristov:
one day you might have to support globalized applications and I am sure
you will feel very enlightened to fix them :)This is my problem and not yours
sure, one's thrash is another mans cash.
There are thousands of scripts that are not big applications
and running well, are secure and clear designed and simply
working since years
Who taught you that globals mean clean design and non-reentrancy is cool
and works?
So why in the world would you like to kill them braindead without
any valid reason, and "i do not like something" is not a valid
reason because nobody forces you to use such things in your
scripts
because my writings today are the legacy of tomorrow.
Andrey
Am 09.12.2010 17:49, schrieb Andrey Hristov:
sure, one's thrash is another mans cash.
Stop this dumb style
I know very well which script is good anough with
a simple hack and where i have to do a real
application style and i do not like braindead
ideas forcing me to get lost this decision
There are so many reasons to write explicit "throw-away-code"
and YOU DO NOT have to decide this for others
Nobody forces you to use coding you do not like
So please stop braindead forcing other people
Who taught you that globals mean clean design and
non-reentrancy is cool and works?
Who thaught you to decide what script from others
has to be written in which way?
So why in the world would you like to kill them braindead without
any valid reason, and "i do not like something" is not a valid
reason because nobody forces you to use such things in your
scriptsbecause my writings today are the legacy of tomorrow.
Your writings today are idiotic "we should break existing code because we can"
Reindl Harald wrote:
Am 09.12.2010 17:49, schrieb Andrey Hristov:
sure, one's thrash is another mans cash.
Stop this dumb style
I have been paid quite well for fixing other man's thrash because it
just did not work. "Thus, one's thrash is another man's cash." But do we
want this a normal job?
I know very well which script is good anough with
a simple hack and where i have to do a real
application style and i do not like braindead
ideas forcing me to get lost this decisionThere are so many reasons to write explicit "throw-away-code"
and YOU DO NOT have to decide this for othersNobody forces you to use coding you do not like
So please stop braindead forcing other people
Who told you that I'm forced to write such code?
Who taught you that globals mean clean design and
non-reentrancy is cool and works?Who thaught you to decide what script from others
has to be written in which way?So why in the world would you like to kill them braindead without
any valid reason, and "i do not like something" is not a valid
reason because nobody forces you to use such things in your
scriptsbecause my writings today are the legacy of tomorrow.
Your writings today are idiotic "we should break existing code because we can"
You probably got me wrong. The code will be broken and can be fixed.
It's not like going line by line and checking whether everything will
work. I'm tired of explaining this.
Andrey
Andrey Hristov wrote:
You probably got me wrong. The code will be broken and can be fixed.
It's not like going line by line and checking whether everything will
work. I'm tired of explaining this.
SO you are happy to do all that work for us for free?
Only recently has PHP4 been dropped from support, but there are STILL a large
number of projects that rely on it simply because no one has the time to rework
years of code. GOOD CODE at the time it was written which is why the
applications are still in use today.
Currently most of MY time is being spent testing site after site on the current
builds of PHP5 and the other related base packages simply because 'little
improvements' mean that some legacy areas DON'T work. I don't get paid for
wasting that time and I certainly don't want additional work ( like dropping
'function' ) simply because someone thinks THEY know best !!!
--
Lester Caine - G8HFL
Contact - http://lsces.co.uk/wiki/?page=contact
L.S.Caine Electronic Services - http://lsces.co.uk
EnquirySolve - http://enquirysolve.com/
Model Engineers Digital Workshop - http://medw.co.uk//
Firebird - http://www.firebirdsql.org/index.php
Hi Lester,
Lester Caine wrote:
Andrey Hristov wrote:
You probably got me wrong. The code will be broken and can be fixed.
It's not like going line by line and checking whether everything will
work. I'm tired of explaining this.SO you are happy to do all that work for us for free?
Only recently has PHP4 been dropped from support, but there are STILL a
large number of projects that rely on it simply because no one has the
time to rework years of code. GOOD CODE at the time it was written which
is why the applications are still in use today.Currently most of MY time is being spent testing site after site on the
current builds of PHP5 and the other related base packages simply
because 'little improvements' mean that some legacy areas DON'T work. I
don't get paid for wasting that time and I certainly don't want
additional work ( like dropping 'function' ) simply because someone
thinks THEY know best !!!
I understand you well.
I am taking back my proposal. Discussion is over as the idea found no
support.
Best,
Andrey
Am 09.12.2010 17:19, schrieb Andrey Hristov:
one day you might have to support globalized applications and I am sure
you will feel very enlightened to fix them :)This is my problem and not yours
There are thousands of scripts that are not big applications
and running well, are secure and clear designed and simply
working since years
+1
So why in the world would you like to kill them braindead without
any valid reason, and "i do not like something" is not a valid
reason because nobody forces you to use such things in your
scripts
Not using (a small number of) globals needs either:
- functions that take everthing that they need in arguments.
I tried that 30 years ago and never did it again, functions
with 15 arguments are unweildy &* hard to maintain. - Use OO.
That means a whole step up in design, not always justified in small
scripts. OO is not always the answer.
--
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT Lecturer.
+44 (0) 787 668 0256 http://www.phcomp.co.uk/
Parliament Hill Computers Ltd. Registration Information: http://www.phcomp.co.uk/contact.php
#include <std_disclaimer.h
Alain Williams wrote:
Am 09.12.2010 17:19, schrieb Andrey Hristov:
one day you might have to support globalized applications and I am sure
you will feel very enlightened to fix them :)
This is my problem and not yoursThere are thousands of scripts that are not big applications
and running well, are secure and clear designed and simply
working since years+1
So why in the world would you like to kill them braindead without
any valid reason, and "i do not like something" is not a valid
reason because nobody forces you to use such things in your
scriptsNot using (a small number of) globals needs either:
- functions that take everthing that they need in arguments.
I tried that 30 years ago and never did it again, functions
with 15 arguments are unweildy &* hard to maintain.- Use OO.
That means a whole step up in design, not always justified in small
scripts. OO is not always the answer.
If all your functions take 15 params I am worried that your program
design is flawed, sorry.
Andrey
If all your functions take 15 params I am worried that your program design
is flawed, sorry.
That's not an argument to do it. PHP and all other languages have many
ways to shoot yourself in the knees, but that's a reason why we should
remove everything remotely related to the trigger.
Also there are alternatives proposed as well, I would suggest to
investigate them instead of insisting on the initial idea.
Cheers,
Pierre
@pierrejoye | http://blog.thepimp.net | http://www.libgd.org
If all your functions take 15 params I am worried that your program design
is flawed, sorry.but that's a reason
+not :)
--
Pierre
@pierrejoye | http://blog.thepimp.net | http://www.libgd.org
Pierre Joye wrote:
If all your functions take 15 params I am worried that your program design
is flawed, sorry.That's not an argument to do it. PHP and all other languages have many
ways to shoot yourself in the knees, but that's a reason why we should
remove everything remotely related to the trigger.Also there are alternatives proposed as well, I would suggest to
investigate them instead of insisting on the initial idea.Cheers,
Please point me to a shop in Europe where I can buy a gun without any
restrictions. I might get myself shot in the feet while I clean the gun,
but who cares, or might shoot someone accidentally.
Andrey
Pierre Joye wrote:
If all your functions take 15 params I am worried that your program
design
is flawed, sorry.That's not an argument to do it. PHP and all other languages have many
ways to shoot yourself in the knees, but that's a reason why we should
remove everything remotely related to the trigger.Also there are alternatives proposed as well, I would suggest to
investigate them instead of insisting on the initial idea.Cheers,
Please point me to a shop in Europe where I can buy a gun without any
restrictions. I might get myself shot in the feet while I clean the gun, but
who cares, or might shoot someone accidentally.
s,foot,knee, same idea:
http://www.urbandictionary.com/define.php?term=shoot%20yourself%20in%20the%20foot
--
Pierre
@pierrejoye | http://blog.thepimp.net | http://www.libgd.org
s,foot,knee, same idea:
http://www.urbandictionary.com/define.php?term=shoot%20yourself%20in%20the%20foot
And it isn't just your foot you can shoot!
http://www.nytimes.com/1999/06/18/nyregion/metro-news-briefs-new-jersey-woman-sues-gun-maker-after-shooting-accident.html
And I doubt anyone died (or lost part of their kidney) because of the
use of $_GLOBALS / global!
--
Richard Quadling
Twitter : EE : Zend
@RQuadling : e-e.com/M_248814.html : bit.ly/9O8vFY
If all your functions take 15 params I am worried that your program
design is flawed, sorry.
Stop trying to tell people how they should write their code. It's not
any of your business. Pragmatic application design is all great and
wonderfull, but that doesn't mean that that plentitude of shortcuts that
PHP offers aren't useful.
Derick
--
http://derickrethans.nl | http://xdebug.org
Like Xdebug? Consider a donation: http://xdebug.org/donate.php
twitter: @derickr and @xdebug
Reindl Harald wrote:
Am 09.12.2010 13:46, schrieb Andrey Hristov:
There were many apps which relied on register_globals but
register_globals was introduced.
There were many apps which relied on references in PHP4, but the object
model changed in 5, references too.
There are apps which rely on magic_quotes, but magic quotes are
deprecated.
When some feature is changed or deprecated there will always be
applications that need to change.that is not a valid reason for bc-breaking
if you do not want $GLOBALS in your functions do not
use them but do not force bc-breaks which are hurting
others without any senseone day you might have to support globalized applications and I am sure you
will feel very enlightened to fix them :)
so you don't like the idea to fix this kind of code in your application (an
application that YOU have to support), but you would like to change the
language, to force everybody out there to do the same.
nice.
Tyrael
Ferenc Kovacs wrote:
On Thu, Dec 9, 2010 at 5:19 PM, Andrey Hristov <php@hristov.com
mailto:php@hristov.com> wrote:Reindl Harald wrote: Am 09.12.2010 13:46, schrieb Andrey Hristov: There were many apps which relied on register_globals but register_globals was introduced. There were many apps which relied on references in PHP4, but the object model changed in 5, references too. There are apps which rely on magic_quotes, but magic quotes are deprecated. When some feature is changed or deprecated there will always be applications that need to change. that is not a valid reason for bc-breaking if you do not want $GLOBALS in your functions do not use them but do not force bc-breaks which are hurting others without any sense one day you might have to support globalized applications and I am sure you will feel very enlightened to fix them :) Âso you don't like the idea to fix this kind of code in your application
(an application that YOU have to support), but you would like to change
the language, to force everybody out there to do the same.
nice.
fixing a design flaw of the past, evolution in other words.
Tyrael
Andrey
.
fixing a design flaw of the past, evolution in other words.
Global and $GLOBALS are not a design flaw! They are a carefully thought
out technique to insure that you do not shoot your self in the foot by
accidentally accessing a global variable from within a function.
Rick
Hi!
the topic says most of it. What do you think about deprecating the
global keyword and $GLOBALS with it? Together with this making
No, I think it's a bad idea. I know over-using globals is bad, but they
still have their uses and huge amount of apps is using them one way or
another.
$_REQUEST, $_GET and $_POST read-only as they should be used only to
read-only anyway.
This would probably be bad for tests on many applications, and quite big
BC break.
The reason for global + GLOBALS is that these are abused and which leads
to spaghetti programs, when used by unexperienced users. Also they have
impact on side effects from functions that don't only rely their parameters.
I don't believe you can B&D users into a good code. Java has tons of
awful code.
Stanislav Malyshev, Software Architect
SugarCRM: http://www.sugarcrm.com/
(408)454-6900 ext. 227