Hi, 2012/4/10 Chris Stockton <chrisstockto...@gmail.com>: > Hello, > > On Mon, Apr 9, 2012 at 8:25 PM, Yasuo Ohgaki <yohg...@ohgaki.net> wrote: >> Hi, >> >> There is valid usage for allow_url_include=on. >> >> For instance, if both server and client is PHP, we could use var_export() >> to receive messages. >> >> Client >> ---- >> <?php >> include('http://server/send_my_data.php'); >> ?> >> ---- >> >> Server: /send_my_data.php >> ---- >> <?php >> echo "$response = "; >> var_export($some_useful_data); >> ?> >> ---- >> >> This is the most efficient way to exchange data between PHP servers. >> People does this should not security issues, though. >> >> BTW, do you remember allow_rul_fopen was changed to INI_SYSTEM? >> This should be INI_ALL as well as allow_rul_include, IMO. >> >> Regards, >> > > Perhaps you could bring your discussion to the php general mailing > list as opposed to the internals? You might find a good bit of > reasonable feedback and information for handling user input there, in > the exact scenarios you mentioned.
I guess you have never benchmarked various methods. I haven't done it for a long time, so the result may differ though. If you find interesting result, please let us know. Anyway, just like PHP being a embedded language, this method is perfectly valid. It has been there for a long time, too. IIRC, var_export() was implemented by Derick during PHP 4.x, so it's rather new(?) feature compare to embedded lang, though. Regards, -- Yasuo Ohgaki yohg...@ohgaki.net -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php