From a developer's perspective I can see your point. But if I am going to run your application on my server, I want a way to make sure no XSS, for example, can get through no matter how badly you may have written the application. That is, the control of my server's security policy has to be up to me, not you. So while there will be filtering functions for you to use, there will also be an ini setting for administrators to force a default filter.

-Rasmus

Michael Virnstein wrote:
I'm not a developer of PHP, but developing in PHP, I can say that it'd be nice to be able to filter *any* data, *if I want to*, not just $_GET, $_POST, etc. I think it is a good idea to have an easy-to-use filter API, but please don't make it an ini setting, so I have to call a function to get the original data if it is enabled or have to call ini_set first to disable it. I know you'd like to help secure applications even for not experienced programmers, but that's not the way to go IMO.
I honestly don't want someone to dictate which data is OK for my application and which is not. Simply give me a nice API, with default filter types and probably the possibility to register custom functions to filter data, so I can call the functions if I want to. Or let me register filter types for certain variables, something like:
<?php

register_filter('var1', FILTER_NUMBER);
register_filter('var2', FILTER_EMAIL);
register_filter('var3', 'my_customer_filter');

?>

Michael

Rasmus Lerdorf wrote:

For the 18th time, nobody is talking about enabling it by default.

-Rasmus



-- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php


