PHP's Built in Input filtering: Pro or Against?

Not for 'how-to' coding questions but PHP theory instead, this forum is here for those of us who wish to learn about design aspects of programming with PHP.

Moderator: General Moderators

PHP's Built in Input filtering: Pro or Against?

Pro
0
No votes
Against
6
100%
 
Total votes: 6

User avatar
Maugrim_The_Reaper
DevNet Master
Posts: 2704
Joined: Tue Nov 02, 2004 5:43 am
Location: Ireland

Post by Maugrim_The_Reaper »

And from what I read there won't be. I see the same thinking with the Zend Framework. They just don't understand the value of containers.
Some of it is down to the debating over meeting the majority need, in following an 80/20 rule they seem to be judging improvements perceived as being less likely use cases as a "20" requirement so it's rare to see a set of equally valid alternatives reduced to one concrete implementation as a convention. Instead they seek a lower denominator which is visibly simpler at the cost of needing extra developer work to use and assume folk will abstract away the repetition by themselves. I can understand the approach but it tends to push more work towards the developer who'd prefer the library handled some of the load like it's supposed to.

I do support the ZF - you can't help noticing flaws amid all the good work :).

Back on the ext/filter topic - I raised a question a few weeks back on the mailing list as to whether the framework would take account of the extension if installed. I got a brief yes/maybe type answer but nothing definitive.
User avatar
Jenk
DevNet Master
Posts: 3587
Joined: Mon Sep 19, 2005 6:24 am
Location: London

Post by Jenk »

I'm against this style of implementation, but not necessarily against out-of-the-box input filtering.
GameMusic
Forum Newbie
Posts: 24
Joined: Fri Oct 28, 2005 8:33 pm

Post by GameMusic »

What would be the advantage of this over using settype, typecasts, or htmlspecialchars if you don't need the bonus options like numeric ranges?

You know what I'd really like in PHP? The ability to declare typed variables like in C++, so that I don't have to constantly do that sort of thing.
User avatar
Ambush Commander
DevNet Master
Posts: 3698
Joined: Mon Oct 25, 2004 9:29 pm
Location: New Jersey, US

Post by Ambush Commander »

What would be the advantage of this over using settype, typecasts, or htmlspecialchars if you don't need the bonus options like numeric ranges?
I'd say it gives you a uniform API to work with (whether or not it's a good API is another question).
You know what I'd really like in PHP? The ability to declare typed variables like in C++, so that I don't have to constantly do that sort of thing.
PHP5 has a pseudo-ability to do this in function parameters, but it's only for objects. In general, though, I find PHP's type-juggling to be quite useful.
User avatar
Jenk
DevNet Master
Posts: 3587
Joined: Mon Sep 19, 2005 6:24 am
Location: London

Post by Jenk »

We'd also have problems with input values.. given everything will be a string (except files.)
User avatar
superdezign
DevNet Master
Posts: 4135
Joined: Sat Jan 20, 2007 11:06 pm

Post by superdezign »

Ambush Commander wrote:PHP5 has a pseudo-ability to do this in function parameters, but it's only for objects. In general, though, I find PHP's type-juggling to be quite useful.
Just a question on that... When we typecast to different types, the variables keep the same address, correct? Does this save memory?
User avatar
Ambush Commander
DevNet Master
Posts: 3698
Joined: Mon Oct 25, 2004 9:29 pm
Location: New Jersey, US

Post by Ambush Commander »

I can't answer your question for certain, but PHP's interpreter has a very efficient garbage collector, and small variables like 32434 or "foobar" won't make a difference.
User avatar
superdezign
DevNet Master
Posts: 4135
Joined: Sat Jan 20, 2007 11:06 pm

Post by superdezign »

I've been a bit curious about the garbage-collector system in PHP. I'm used to doing it manually in C++ and Java was my first time with a "garbage collector."
Post Reply