Doctorrock wrote: > Now consider this use : > GET /mypage.php?my_message[]='Hi' HTTP 1.1 > (...) > > Zend_Filter_StringToLower::filter($_GET['my_message']); > > Note that my_message is passed as an array, anyone can modify the type > of params in the URL for a GET request, thus generating in that case a > *Notice *: Array to string conversion in *my\file\dot\php* on line my_line. > > Some of you would say that it's the programmer's job to cast the GET > variable manually type before passing it to the filter, by I personally > think that the filter function should do it by itself, as it expects a > string in all cases, and nothing else...
I'd rather have it so that an exception is thrown (the way it is now, no?). My reasoning is that if I make a coding blunder and pass an array (it happens!), it will be caught rather than converted to a string and, potentially passed to a validation chain, accepted, and entered into storage. All sorts of things could go wrong. -- Drew
