Using an explicit json_decode is actually a huge problem. It isn't just hard to
write encoded stuff into strings, it is a security issue because you have to
encode the values that you are then encoding into JSON. For example:
json_decode('{a: "a", b: "b", foo: "'.$_POST['foo'].'"}'); // !!! Security
problem !!! Value injection is possible with a properly formed 'foo' parameter
in the post.
To avoid this, you have to do the following:
json_decode('{a: "a", b: "b", foo: '. json_encode($_POST['foo'].'}');
Compare that clunky monstrosity to:
{a: "a", b: "b", foo: $_POST['foo']};
Remember that this syntax is less about constants and more about binding values
into some structure.
As a C++ programmer I whole heartedly agree with the confusion point, but as a
PHP developer I don't. Basically every PHP developer is going to be familiar
with JavaScript, because it is also a web language. Go to oDesk.com, and you
can't find a developer looking for PHP work who doesn't know how to work with
jQuery or similar. Browser fragmentation makes jQuery or something similar
almost essential for modern web development, and JSON is used extensively in
all of these frameworks. Any PHP developer worth a dime will know exactly what
they are looking at.
I agree that [a: 'b'] would be totally wrong. This doesn't look like PHP OR
JSON, and is likely to cause confusion. If [a=>$b] is the only syntax people
can agree on, I can live with that, but IMO that syntax will actually create
MORE confusion than just allowing pure JSON (opinion informed by trying to get
new devs up to speed on a project that uses MongoDB.)
John Crenshaw
Priacta, Inc.
-----Original Message-----
From: dukeofgaming [mailto:[email protected]]
Sent: Wednesday, June 01, 2011 5:51 AM
To: Ford, Mike
Cc: Etienne Kneuss; [email protected]
Subject: Re: [PHP-DEV] Re: RFC: Short syntax for Arrays (redux)
After that argument, I think I'm against ":" now too. +1 to "=>"
Could "{ }" be implemented for objects too then?.
Regards,
David
On Wed, Jun 1, 2011 at 4:36 AM, Ford, Mike <[email protected]> wrote:
> > -----Original Message-----
> > From: [email protected] [mailto:[email protected]] On Behalf Of
> > Etienne Kneuss
> > Sent: 01 June 2011 01:57
> > To: [email protected]
> > Subject: Re: [PHP-DEV] Re: RFC: Short syntax for Arrays (redux)
> >
> > +1 for a short array syntax.
> >
> > But only if you keep it consistent, PHP has always been using => for
> > key/val association, I don't see any reason to suddenly provide
> > "key":
> > "val", unless what you want is to confuse people.
>
> Hear, hear and hear, hear to that!
>
> ['a': 'b'] just feels completely un-PHP-like, and I'd be totally
> against it.
>
> If the desire is to have a "native" JSON syntax so that you can eval()
> imported JSON, then I'm completely anti that, too -- that's a case
> where I'd far rather be explicit and use json_decode(). And since, no
> matter how you slice it, you're never going to get a complete fit
> between native PHP structures and JSON encoding, I don't believe you
> should even try.
>
> I just can't see the problem with saying: PHP arrays (and maybe
> objects?) look like *this*, and if you want to import/export them
> from/to a JSON representation, there are functions to do it like
> *this*. This seems to be the perfectly sensible approach of other
> languages I've used recently (although my perl is somewhat out-of-date,
> and my python even more out-of-daterer and minimal at that!). Even
> ECMAScript is going down the route of explicit conversion with
> JSON.parse() and JSON.stringify() in ECMAScript 5!
>
> All in all, still +1 for [1, 2=>2, 'a'=>'b'], and -several million (for
> style) for any syntax involving colons.
>
> Cheers!
>
> Mike
> --
> Mike Ford,
> Electronic Information Developer, Libraries and Learning Innovation,
> Leeds Metropolitan University, C507 City Campus,
> Portland Way, LEEDS, LS1 3HE, United Kingdom
> E: [email protected] T: +44 113 812 4730
>
>
>
>
>
>
> To view the terms under which this email is distributed, please go to
> http://disclaimer.leedsmet.ac.uk/email.htm
>
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
