On Wed, Oct 1, 2025, 15:22 Alexandre Daubois <[email protected]> wrote:
> > > It boils down to: If you are not confident that you construct the > pattern in a safe way then what would you do if a validation function > returns false? You can notify the developer but that is already > accomplished with the preg_* warning when an invalid pattern is given. > Creating an error page for the user on a warning is also already possible. > That's why i'm on the fence whether a validation function does more good or > harm. > > I don't understand how it could be harmful. Early validation is useful > when it comes to avoiding unnecessary operations if we can already be > sure that it will fail later for obvious reasons. For me, it falls > into the same category as email or URL validation in filter_var. > That's also why I think it would be more appropriate as a flag for > this function rather than a dedicated function. > Emails and URLs are commonly expected end user inputs. Regular expressions are not, and that is almost always a bad idea. A bad idea which would be encouraged by making it easy to implement. I am generally in favor of adding niche functionality, but this one does worry me. Cheers, Andrey.
