Dear PHP developers, I propose a feature that I call "string types". I have also already coded a first version of it that you can try. There's a bug for it here: http://bugs.php.net/?id=16480 and a homepage with a description and a patch here: http://nebuchadnezzar.zion.cz/php_strings.php Please be patient when downloading. The server is behind a 64k line. :-(
About the feature: It introduces five types of strings: plain string, SQL string, HTML string, URL (query) string and undefined (unknown type) string. The difference is in escaping characters that have special meaning in SQL (quotes, nul), HTML (ampersand, less-than, greater-than, double-quote) and URL (nearly everything except plain letters and digits). The conversion is done automatically when requested. This language extension is fully backwards-compatible; users who don't know about the new features (or don't want to know) need not worry: their existing scripts should work the same without any change. For users who do know about this and want to use it, I believe this new feature should bring significant improvement of code readability, reduction of code size and reduced probability of bugs. I think that the best explanation is by example, so see this: $data = p"a string with 'apostrophes', \"double-quotes\" etc."; mysql_query(s"INSERT INTO table VALUES ('$data')"); Because we include a plain string in an SQL string, the plain string is automatically converted to an SQL string, i.e. AddSlashes is applied to it. Strings from GET/POST/COOKIE have the right type, which makes it possible to easily write scripts that do not depend on the setting of magic_quotes_gpc. (An SQL string included in another SQL string is not converted, of course.) Another one: $data = p"a string with <less-than, >greater-than, &ersand"; echo h"<INPUT TYPE=HIDDEN NAME=parameter VALUE=\"$data\">"; Here, the $data string is automatically HtmlSpecialChars'ed when included in a HTML string. Read more about it on the above mentioned homepage. Try it, test it, tell me what you think about it! Just remember that this is alpha code, and it is very little tested. I make no guarantees whatsoever, except that it has bugs. :-) Please cc me in any replies. I am not subscribed to the list (so in fact, I don't know if it will allow me to post this). I realize that this is not a good practice, but I couldn't handle the loads of mail - and according to http://www.php.net/mailing-lists.php this list isn't available in digest form. :-( Thanks for your attention. Vaclav Dvorak ([EMAIL PROTECTED]) http://nebuchadnezzar.zion.cz/ -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php