On Mon, 9 Mar 2020 at 13:47, Craig Francis <cr...@craigfrancis.co.uk> wrote:
> Hi, > > As I'm not sure how to make any more process on this, I've added added a > Feature Request: > > https://bugs.php.net/bug.php?id=79359 > > It shows how this change in PHP could stop SQL injection, and proposes a > way it could be used against HTML injection as well. > Hi Craig, In my experience, the bug tracker is likely to get you less attention than this list, rather than more. For this kind of significant change, the way to get a more in-depth discussion going is to draft an RFC; there are some instructions and tips on how to go about that at https://wiki.php.net/rfc/howto and https://blogs.oracle.com/opal/the-mysterious-php-rfc-process-and-how-you-can-change-the-web The idea of an RFC is to sit down and design exactly how the proposed feature would work; that helps move the discussion forward, because people can see exactly how it might look, and means you're offering something to the community rather than asking it of them. The RFC doesn't have to include a full implementation, but if you don't know much about the technical details, you might need help from someone who does to make sure the proposal is realistic. I see you've linked an older RFC in the feature request; it would be worth digging out the archived discussion from when that was proposed, to see why it stalled. It may just be that people were distracted by other things, or there may be issues raised which you can consider in a new proposal. If you haven't already, you could try contacting the author as well. In general, I think it's an interesting idea, but as the saying goes "the devil is in the detail", so I don't have much to say without a concrete proposal for what it would look like. Regards, -- Rowan Tommins [IMSoP]
