On 20/08/16 08:30, Yasuo Ohgaki wrote:
> The input validation we are discussing is "Input/output rules between
> client and server". It decides what's valid/invalid.

I think I'm getting two things confused and am mixing your array
filtering RFC up with this one. There is so much speculative stuff being
discussed rather than trying to nail down key elements?

I am looking at the whole process, so I have client side validation which
is built from a set of rules added to the smarty templates. This still
has a couple of gaps where manual creation of javascript is still
needed, but that relates more to getting the validation working with
bootstrap3. This gives me a clean set of post data, and if one could
ignore the morons then working with the $_POST array would be a doddle,
but because we live in the real world, it's the BUILDING of the $_POST
array when one can't trust the provider that we want to filter, and in
an ideal world the rules would be used for each variable as they are
added to the array, rather than post creating the array. One could
almost envisage a check that the post data packed IS too big for the set
of variables being returned and crash out, but simply throwing away
suspect data as each variable is built and having the logic to simply
create an exception on the first failure, only pass those fields that
are valid ensures the $_POST array matches the client's data array.

-- 
Lester Caine - G8HFL
-----------------------------
Contact - http://lsces.co.uk/wiki/?page=contact
L.S.Caine Electronic Services - http://lsces.co.uk
EnquirySolve - http://enquirysolve.com/
Model Engineers Digital Workshop - http://medw.co.uk
Rainbow Digital Media - http://rainbowdigitalmedia.co.uk

-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
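
A userland illustration of the per-variable filtering described in the message above, added here as an example and not code from the thread or from PHP itself. It assumes the rules are applied by parsing the raw urlencoded body in script code, since PHP fills `$_POST` before any script runs; `RULES`, `rawPairs`, `fieldOk`, `buildPost` and `InputRejected` are hypothetical names, and the field rules and sample body are constructed.

```php
<?php
declare(strict_types=1);

// Constructed rule set: field => max decoded length and a regex or filter id.
const RULES = [
    'name'  => ['max' => 64,  'check' => '/^[\p{L} .\'-]+$/u'],
    'email' => ['max' => 254, 'check' => FILTER_VALIDATE_EMAIL],
    'age'   => ['max' => 3,   'check' => '/^\d{1,3}$/'],
];

final class InputRejected extends RuntimeException {}

// Yield decoded [name, value] pairs one at a time from a raw urlencoded body.
function rawPairs(string $body): Generator
{
    foreach (explode('&', $body) as $part) {
        if ($part === '') { continue; }
        [$k, $v] = array_pad(explode('=', $part, 2), 2, '');
        yield [urldecode($k), urldecode($v)];
    }
}

function fieldOk(string $value, array $rule): bool
{
    if (strlen($value) > $rule['max']) { return false; }
    return is_int($rule['check'])
        ? filter_var($value, $rule['check']) !== false
        : preg_match($rule['check'], $value) === 1;
}

// Apply the rule before each variable is stored. $strict aborts on the first
// failure; otherwise the suspect field is discarded and building continues.
function buildPost(string $body, array $rules, bool $strict): array
{
    $budget = array_sum(array_column($rules, 'max')); // most the form can send
    $used = 0;
    $post = [];
    foreach (rawPairs($body) as [$key, $value]) {
        $used += strlen($value);
        if ($used > $budget) {
            throw new InputRejected('payload larger than the rule set allows');
        }
        // Undeclared names, repeated names and rule failures are all suspect.
        $ok = isset($rules[$key]) && !isset($post[$key]) && fieldOk($value, $rules[$key]);
        if ($ok) { $post[$key] = $value; continue; }
        if ($strict) { throw new InputRejected("rejected field: $key"); }
    }
    return $post;
}

// Constructed body: valid name, malformed email, an undeclared field, valid age.
$body = 'name=Ada+Lovelace&email=not-an-email&is_admin=1&age=36';
var_dump(buildPost($body, RULES, false));
```

Calling `buildPost($body, RULES, true)` on the same body throws `InputRejected` at the `email` field instead of dropping it.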
