Hi,
I'm glad the topic has been picked up again, but I think there is an
inconsistency in the proposal now that we are talking about being JSON-ish:
JSON describes objects, not arrays. Then, what if "[]" were used for arrays
and "{}" for objects?, so that:
[1,2,3] //array(0=>1, 1=>2, 2=>3)
['one':1, 'two':2, 'three' : 3] // array('one'=>1, 'two'=>2, 'three' => 3)
['one':1, 'two':2, 'three' : 3] // (object)array('one'=>1, 'two'=>2, 'three'
=> 3)
Regards,
David
On Tue, May 31, 2011 at 4:25 PM, Stas Malyshev <smalys...@sugarcrm.com>wrote:
> Hi!
>
>
> Stas, I didn't understand your point about eval() and security. What did
>> you mean?
>>
>
> I meant if PHP has JSON syntax as native, e.g. you can say something like:
>
> $a = {"a":"b"};
>
> Then the temptation would be to write something like:
>
> // $json_string is {"a":"b"}
> $a = eval($json_string);
>
> just as Javascript programmers sometimes do. That would have the same
> security implications as it has in Javasctipt - somebody could inject
> executable code there, etc. Of course, nobody forces you to do this, but the
> temptation would be there.
>
> Also, with full JSON support it is not entirely clear to me what {"a": "b"}
> would mean - is it an array or an object? In JS, it's definitely an object,
> but in PHP objects are almost never used to store pure state without
> behavior, because we have hashtable arrays, while JS only has vector arrays.
> So here we have some unclear point (which does not happen with [] syntax,
> since with [] it's obvious we're talking about arrays, just as in many other
> languages).
>
> --
> Stanislav Malyshev, Software Architect
> SugarCRM: http://www.sugarcrm.com/
> (408)454-6900 ext. 227
>
> --
> PHP Internals - PHP Runtime Development Mailing List
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
