Dear PHP developers,

I propose a feature that I call "string types". I have also already
coded a first version of it that you can try. There's a bug for it
here: http://bugs.php.net/?id=16480 and a homepage with a description
and a patch here: http://nebuchadnezzar.zion.cz/php_strings.php
Please be patient when downloading. The server is behind a 64k line.
:-(

About the feature: It introduces five types of strings: plain string,
SQL string, HTML string, URL (query) string and undefined (unknown
type) string. The difference is in escaping characters that have
special meaning in SQL (quotes, nul), HTML (ampersand, less-than,
greater-than, double-quote) and URL (nearly everything except plain
letters and digits). The conversion is done automatically when
requested. This language extension is fully backwards-compatible;
users who don't know about the new features (or don't want to know)
need not worry: their existing scripts should work the same without
any change. For users who do know about this and want to use it, I
believe this new feature should bring significant improvement of code
readability, reduction of code size and reduced probability of bugs.

I think that the best explanation is by example, so see this:

$data = p"a string with 'apostrophes', \"double-quotes\" etc.";
mysql_query(s"INSERT INTO table VALUES ('$data')");

Because we include a plain string in an SQL string, the plain string
is automatically converted to an SQL string, i.e. AddSlashes is
applied to it. Strings from GET/POST/COOKIE have the right type,
which makes it possible to easily write scripts that do not depend on
the setting of magic_quotes_gpc. (An SQL string included in another
SQL string is not converted, of course.)

Another one:

$data = p"a string with <less-than, >greater-than, &ampersand";
echo h"<INPUT TYPE=HIDDEN NAME=parameter VALUE=\"$data\">";

Here, the $data string is automatically HtmlSpecialChars'ed when
included in an HTML string.

Read more about it on the above mentioned homepage. Try it, test it,
tell me what you think about it! Just remember that this is alpha
code, and it is very little tested. I make no guarantees whatsoever,
except that it has bugs. :-)

Please cc me in any replies. I am not subscribed to the list (so in
fact, I don't know if it will allow me to post this). I realize that
this is not a good practice, but I couldn't handle the loads of mail -
and according to http://www.php.net/mailing-lists.php this list
isn't available in digest form. :-(

Thanks for your attention.

Vaclav Dvorak  ([EMAIL PROTECTED])
http://nebuchadnezzar.zion.cz/

-- 
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, visit: http://www.php.net/unsub.php
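
The conversion rule described in the message above, emulated in userland PHP (7.4+) as an added example; it is not part of the original post or of the author's patch. The TypedString class, its method names, the {name} placeholder syntax and the sample data are assumptions made for illustration, and the "undefined" string type is left out because the post does not say how it converts.

```php
<?php
// Added illustration, not code from the patch: userland emulation of the
// proposal's conversion rule. TypedString and its methods are hypothetical.
final class TypedString
{
    private $type, $text;
    public function __construct(string $type, string $text)
    {
        $this->type = $type;
        $this->text = $text;
    }

    // Escape a plain string for $type, or undo that escaping when $undo is true.
    private static function codec(string $type, string $s, bool $undo): string
    {
        switch ($type) {
            case 'plain': return $s;
            case 'sql':   return $undo ? stripslashes($s) : addslashes($s);
            case 'html':  return $undo ? htmlspecialchars_decode($s, ENT_COMPAT)
                                       : htmlspecialchars($s, ENT_COMPAT, 'UTF-8');
            case 'url':   return $undo ? rawurldecode($s) : rawurlencode($s);
        }
        throw new InvalidArgumentException("unknown string type: $type");
    }

    // Text converted for embedding in a $target string; same type is included as-is.
    public function convertTo(string $target): string
    {
        return $target === $this->type ? $this->text
            : self::codec($target, self::codec($this->type, $this->text, true), false);
    }

    // Fill {name} placeholders in a $type template, converting each value.
    public static function build(string $type, string $template, array $vars): self
    {
        $fill = fn(array $m) => $vars[$m[1]]->convertTo($type);
        return new self($type, preg_replace_callback('/\{(\w+)\}/', $fill, $template));
    }

    public function __toString(): string { return $this->text; }
}

// Constructed sample input mirroring the post's two examples.
$data   = new TypedString('plain', "O'Reilly & <b>\"sons\"</b>");
$sql    = TypedString::build('sql', "INSERT INTO t VALUES ('{data}')", ['data' => $data]);
$html   = TypedString::build('html', '<input type="hidden" value="{data}">', ['data' => $data]);
$nested = TypedString::build('sql', 'EXPLAIN {q}', ['q' => $sql]); // SQL in SQL: unchanged
echo $sql, "\n", $html, "\n", $nested, "\n";
```

addslashes appears here only because the post names it as the SQL conversion; it is not character-set aware, and current PHP code handles the SQL case with parameterized queries instead.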
