wishlist> input filter extension (including some element of user
wishlist> control)
Will it be used _instead_ of $_POST and $_GET? Honestly, I'm not so sure
it's a good idea to implement it like PECL extension does. Filtering
individual variables is, in my opinion, a wrong way to treat user input.
The way I do it on my sites:
1) Call dispatcher parses request variables to find out what to do. This
is done before request filtering.
2) System loads the filter that correspond to the target action.
3) If _any_ of the request variables are invalid, than system does not
perform the action. Instead, it outputs message, stating which field was
filled incorrectly.
4) If all variables are correct, than system makes an array of "clean"
variable (i.e. only ones that were checked) and passes it to some function.
Simplified example:
$filter = array(
'name'=>'/^[\w\d]+$/',
'zip'=>'/^\d{5}$/',
'phone'=>'/^\d{7,16}$/',
);
try {
$input = filterInput($filter);
} catch (InvalidField $e) {
echo $e;
die();
}
Besides, is it really necessary to make input filtering a part of the
language? It's a very high-level feature, and implementation may vary
according to the needs of the developer. Plus, it's perfectly doable in
pure PHP. In fact, I would go as far as removing session handling
functions from the "core" language too. Such things would better fit a
framework or CMS.
My two cents, anyway.
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
