On 08.04.2010, at 12:48, daniel zulla wrote:

> Hi,
> Take a look at the code example [1].
> Why not give programmers the possibility to init their scripts with
> a call, that tells exactly what data should be taken - like GET userid
> INT and GET password MIXED, or just POST domainid INT, or something
> like that.
> 
> If there's data transmitted that the script doesn't need, why should we
> go on with execution?
> 
> In my example, request_init would check if there is $_POST['userid'],
> $_POST['pass'], $_GET['userid'] or $_GET['pass'] and if userid is an
> integer, and pass is mixed.
> 
> If that's all right, the script just goes on working.
> If not, and that's the clue, the callback function will be called,
> telling the user what's wrong.
> 
> A feature like that would highly improve security. Programmers
> wouldn't even think about stupid solutions like getting all the $_POST
> data into an Array() and trying to quote it anymore. It's an advantage
> for readability too:
> You take a look at the code, and you just know exactly what's going on.
> 
> When magic_quotes and register_globals will, finally, be killed in
> PHP6, this could be, finally, a real security feature, couldn't it?
> 
> Greets,
> Daniel Zulla
> 
> [1] Code Example:
> <?php
>    request_init(Array(POST, GET), Array(userid => INT, pass => mixed), $callback->crap_transmitted, 1);
> ?>
> <html>


Are you aware of the filter extension:
http://php.net/filter

regards,
Lukas Kahwe Smith
m...@pooteeweet.org




-- 
PHP Internals - PHP Runtime Development Mailing List
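
The declarative check proposed in the thread, written with the filter extension's `filter_var_array()`, as an added example that is not part of the original messages. The helper name `request_init_filter()`, the spec and the sample requests are assumptions made for illustration; a live script would feed it `$_POST`/`$_GET` or use `filter_input_array()`.

```php
<?php
// Hypothetical helper (not a PHP built-in): accept a request only if it
// carries exactly the declared parameters and each one passes its filter.
function request_init_filter(array $input, array $spec, callable $onReject): ?array
{
    // 1. Refuse parameters the script never declared.
    $unexpected = array_diff_key($input, $spec);
    if ($unexpected) {
        $onReject('unexpected', array_keys($unexpected));
        return null;
    }
    // 2. Validate the declared ones. With $add_empty = true a missing key
    //    comes back as null; a value that fails its filter comes back false.
    $clean = filter_var_array($input, $spec, true);
    $bad = [];
    foreach ($clean as $name => $value) {
        if ($value === null || $value === false) {
            $bad[] = $name;
        }
    }
    if ($bad) {
        $onReject('invalid', $bad);
        return null;
    }
    return $clean; // userid is now a PHP int, pass an untouched string
}

// Declaration equivalent to "userid => INT, pass => mixed".
$spec = [
    'userid' => ['filter' => FILTER_VALIDATE_INT, 'options' => ['min_range' => 1]],
    'pass'   => FILTER_UNSAFE_RAW, // taken as-is, but must still be a scalar
];

$log = [];
$reject = function (string $why, array $names) use (&$log) {
    $log[] = $why . ': ' . implode(', ', $names);
};

// Constructed sample requests.
$requests = [
    ['userid' => '42', 'pass' => "o'brien"],            // accepted
    ['userid' => '42abc', 'pass' => 'x'],               // userid is not an integer
    ['userid' => '42', 'pass' => 'x', 'admin' => '1'],  // undeclared parameter
    ['userid' => '42'],                                 // pass missing
    ['userid' => ['1', '2'], 'pass' => 'x'],            // array where a scalar is expected
];
foreach ($requests as $r) {
    var_dump(request_init_filter($r, $spec, $reject));
}
print_r($log);
```

`FILTER_UNSAFE_RAW` only enforces presence and scalar type, so the password still needs a parameterized query or context-appropriate escaping wherever it is used.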