On 13/07/12 12:28, Ryan McCue wrote: > Somewhat off-topic, but is there a reason why not? It seems to me that > introducing a new API without using PHP's best method of error handling > (IMHO) is a little silly. I don't really trust exception throwing near password-managing functions. Consider the following:
class UserLogin { var $loggedIn = false; function login() { $row = SELECT * FROM user WHERE username = escape_string($_POST['user']) ; $this->checkPassword($row->password); } function checkPassword($pw_hash) { if (password_verify($_POST['password'], $pw_hash) $this->loggedIn = true; } } The codebase does no global exception handling (because it doesn't throw exceptions itself), and also nobody configured the server not to show errors/exceptions (some say it was purposely setup to show them). password_verify() "errors" if the parameters are not strings or the hash doesn't match a known hash format. Which kind of error should you use? errors or exceptions? Provide a reasoned answer. -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php