Actually, I don't think it was. If you want objects, why not use the
real thing?
Just consider that ZF's initial concept was for ActiveRecord a code
which needs LSB.
more complex is not always better.
Did you find my code example too complex? I think if LSB is added to
PHP there will be a
On 19.11.2007, at 09:00, Stefan Esser wrote:
Wietse Venema schrieb:
Stefan Esser:
2) Using mysql_real_escape_string() on user input does not make
it safe
for SQL. It only makes SQL strings safe.
Example: SELECT * FROM table WHERE id=.mysql_real_escape_string
($id)
is NOT secure but will
PHP there will be a natural need for this functionality, and a lot of
user will be confused with the result.
What's confusing in reading the manual about what self:: and parent::
mean? Unless by confusing you don't mean what all other people mean
but it works certain way, and I know it well,
Rest assured that this is not the bad kind of 'more complex' I believe
I'm afraid I must disagree. The feature that was missing was to know the
true calling class name. That was implemented. You can build from it,
there's no need to add further complication to the language. You can
easily
What's confusing in reading the manual about what self:: and parent::
mean? Unless by confusing you don't mean what all other people mean
but it works certain way, and I know it well, but since I want it to
work other way I'd pretend I don't understand. That would be really
confusing.
You
PHP 6 Bug Database summary - http://bugs.php.net
Num Status Summary (63 total including feature requests)
===[*General Issues]==
26771 Suspended register_tick_funtions crash under threaded webservers
On 19/11/2007, Sam Barrow [EMAIL PROTECTED] wrote:
I both like and dislike the fact that PHP is so loosely typed. It makes
it very easy, which I like, however it is sometimes not strict enough,
allowing for undetected errors, which of course I don't like.
I think the ideal solution here is to
Stanislav Malyshev wrote:
Rest assured that this is not the bad kind of 'more complex' I believe
I'm afraid I must disagree. The feature that was missing was to know the
true calling class name. That was implemented. You can build from it,
there's no need to add further complication to the
On 11/19/07, Richard Quadling [EMAIL PROTECTED] wrote:
What if type hinting just generated an E_NOTICE. Nothing more for the
time being.
Call it an experimental option.
I already use hungarian notation for all my params ( cause I'm
unimaginative with my var names I suppose!), so the type
On 18.11.2007, at 12:27, Gergely Hodicska wrote:
Hi!
I read this thread, and I would like to ask if is there any
decision about the behavior of inheritance?
I wrote on my blog about late static binding (http://blog.felho.hu/
what-is-new-in-php-53-part-2-late-static-binding.html), and I
On 10.11.2007, at 22:34, Gaetano Giunta wrote:
plus a 3 numbered version is very easy to assign to a lib (you
know, like a new param for a function bumps up the middle number,
a fix - any fix - bumps up the rightmost one etc... )
That is what $Revision$ CVS tag does, version number is
On 11/19/07, Lukas Kahwe Smith [EMAIL PROTECTED] wrote:
I think the point of Stas reply was to use self:: instead of parent::.
how would self help? that would mean calling this exact method, not
the method of parent-class
--
Alexey Zakhlestin
http://blog.milkfarmsoft.com/
--
PHP Internals -
On 19.11.2007, at 14:05, Alexey Zakhlestin wrote:
On 11/19/07, Lukas Kahwe Smith [EMAIL PROTECTED] wrote:
I think the point of Stas reply was to use self:: instead of
parent::.
how would self help? that would mean calling this exact method, not
the method of parent-class
that way you
Good idea about reducing the error warning level, isn't this currently
fatal? We could just turn it into an e_notice or e_warning.
On Mon, 2007-11-19 at 11:37 +, Richard Quadling wrote:
On 19/11/2007, Sam Barrow [EMAIL PROTECTED] wrote:
I both like and dislike the fact that PHP is so
I just finished redoing this patch by the way, it's available on
sambarrow.com, along with my custom superglobals patch.
On Mon, 2007-11-19 at 15:17 +0300, Alexey Zakhlestin wrote:
On 11/19/07, Richard Quadling [EMAIL PROTECTED] wrote:
What if type hinting just generated an E_NOTICE. Nothing
On 11/19/07, Lukas Kahwe Smith [EMAIL PROTECTED] wrote:
On 19.11.2007, at 14:05, Alexey Zakhlestin wrote:
On 11/19/07, Lukas Kahwe Smith [EMAIL PROTECTED] wrote:
I think the point of Stas reply was to use self:: instead of
parent::.
how would self help? that would mean calling this
Stefan Esser:
[ Charset ISO-8859-1 unsupported, converting... ]
Wietse Venema schrieb:
Stefan Esser:
2) Using mysql_real_escape_string() on user input does not make it safe
for SQL. It only makes SQL strings safe.
Example: SELECT * FROM table WHERE id=.mysql_real_escape_string($id)
I think the point of Stas reply was to use self:: instead of parent::.
Hmm, it doesn't make sense to me. (If I am not mistaken calling self
caused segfault.)
Best Regards,
Felhő
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
If taint-mode is intended for testing only, it would never be
something, which was turned on per default. Then maybe a tool such as
php-sat ( http://www.program-transformation.org/PHP/PhpSat ) is a
better solution? It seems to me like there is a rather big overlap
between the projects.
--
troels
Jochem Maas wrote:
Stanislav Malyshev wrote:
Rest assured that this is not the bad kind of 'more complex' I believe
I'm afraid I must disagree. The feature that was missing was to know the
true calling class name. That was implemented. You can build from it,
there's no need to add
Hello,
I see that the bug was marked fixed in 5.2.5, and that a HTTP 500
response code is not automatically sent, but isn't the whole problem
that attempting to load a WSDL that cannot be loaded should raise an
exception and not fatal error?
Is this discussion appropriate for this bug, or should
troels knak-nielsen:
If taint-mode is intended for testing only, it would never be
something, which was turned on per default. Then maybe a tool such as
php-sat ( http://www.program-transformation.org/PHP/PhpSat ) is a
better solution? It seems to me like there is a rather big overlap
between
On Nov 19, 2007 4:21 PM, Alexey Zakhlestin [EMAIL PROTECTED] wrote:
imho, exceptions are preferrable in a lot of php's functions…
but core php programmers are usually against exceptions if it is not
an error of object-constructor
Well in this case the constructor to the SoapClient class
On 19.11.2007, at 16:26, nick loeve wrote:
On Nov 19, 2007 4:21 PM, Alexey Zakhlestin [EMAIL PROTECTED] wrote:
imho, exceptions are preferrable in a lot of php's functions…
but core php programmers are usually against exceptions if it is not
an error of object-constructor
Well in this case
imho, exceptions are preferrable in a lot of php's functions…
but core php programmers are usually against exceptions if it is not
an error of object-constructor
On 11/19/07, nick loeve [EMAIL PROTECTED] wrote:
Hello,
I see that the bug was marked fixed in 5.2.5, and that a HTTP 500
response
Whether it's implemented or not, I'm going to write a patch for multiple
class inheritance. Does anyone here whos knows about the Zend Engine
willing to help me out just a little bit, to get me started? I'm stuck
at the syntax interpretation right now.
On Mon, 2007-11-19 at 02:07 -0500, Edward Z.
Hello Sam,
since the thread turned to autoboxing. You guys may want to have a look at
Pecl/SPL_Types which provides the base functionality to implement autoboxing
already. Right now it provides only a Bool and an Enum class though.
marcus
Thursday, November 15, 2007, 4:27:17 PM, you wrote:
Sam Barrow schrieb:
What is the general opinion on multiple class inheritance.
It is a concept that only works correctly in CLOS?
--
Sebastian Bergmann http://sebastian-bergmann.de/
GnuPG Key: 0xB85B5D69 / 27A7 2B14 09E4 98CD 6277 0E5B 6867 C514 B85B 5D69
--
PHP
On Mon, 19 Nov 2007, Dmitry Stogov wrote:
Do you really like to slowdown compilation to support some buggy
extension? zend_extension_op_array_ctor_handler(s) must be used to
setup reserved data.
I don't see why allocated memory shouldn't be properly initialized in
the first place. To me
I patched bug #42866 writing the fix as a comment to the bug-tracker system,
then I also sent the patch to the internals mailing system, but nobody ever
answered.
I'd like to contribute to PHP6 development, please allow me to do that.
--
PHP Internals - PHP Runtime Development Mailing List
To
I don't see why allocated memory shouldn't be properly initialized in
the first place. To me this looked like a bug in the engine because all
I'd guess for the same reason all C allocators don't initialize memory
unless explicitly asked to - because it costs performance.
Secondly, if the
class A {
static function find($id) {
// lets try and find a 'something'
}
}
class B extends A {}
// I'd like a 'B' please bob.
$b = B::find( 1 );
are you saying that A::find() can tell that it was called as B::find() ?
Yes, this is exactly what LSB does.
--
in that situation A::find(); would not be able to know it was being
called by B::find() because parent:: is considered an explicit class
name reference.
It will be, just not by means of parent::.
--
Stanislav Malyshev, Zend Software Architect
[EMAIL PROTECTED] http://www.zend.com/
Hi!
As per my rfd from 2007-11-14, I prepared a FETCH_2D (work title) patch
- where a row result consists of a two-dimensional hash, the first
dimension being the table name, the second the field name.
Summary:
I propose to rearrange FETCH mode constants, such that FETCH_NUM,
FETCH_ASSOC and
Stefan Esser wrote:
Hi Dan,
I believe the primary use case for taint mode would be to use it in
development: taint mode is a mode which can be turned on to give you
an idea of where your application may have exposed some
vulnerabilities; let you fix those identified vulnerabilities; then
As I and several others proposed earlier the best option would be:
parent::method() thinks it is the same class as a caller
ClassName::method() thinks it is ClassName
Yes, this would be the logical behavior for me too.
Best Regards,
Felhő
--
PHP Internals - PHP Runtime Development Mailing
Am 18.11.2007 um 22:53 schrieb Lukas Kahwe Smith:
Stefan so what is your point then? Since neither can be 100% secure,
do not use any? Or just do not bundle either?
Yes, that is exactly the way to go. To quote Yoda (and he would know):
Do, or do not. There is no try.. Or, in contemporary
I doubt it will be implemented, but for my application it would be
incredibly helpful and worth it to me to write a patch even if I am the
only one to use it.
On Mon, 2007-11-19 at 17:53 -0300, Cristian Rodriguez wrote:
2007/11/19, Sam Barrow [EMAIL PROTECTED]:
Whether it's implemented or not,
This was a good idea, however it could be even more useful if used to
calculate the execution time of your scripts. But since it only counts
whole seconds, for this microtime() would be better. Would it be
possible to add $_SERVER['REQUEST_MICROTIME']?
--
PHP Internals - PHP Runtime Development
also that would introduce BC issues.
Can you show a use case for BC?
Current implementation:
?php
class ActiveRecord
{
public static function findByPk($id)
{
var_dump(get_called_class()); // Blog
var_dump(get_class()); // ActiveRecord
It would probably better to implement something like prototyping,
where there is only 1 parent, but there can be muliple prototype
classes from which methods are inherited.
On Nov 19, 2007, at 10:49 PM, Sam Barrow [EMAIL PROTECTED] wrote:
I doubt it will be implemented, but for my
On 19.11.2007, at 21:50, David Zülke wrote:
Am 18.11.2007 um 22:53 schrieb Lukas Kahwe Smith:
Stefan so what is your point then? Since neither can be 100%
secure, do not use any? Or just do not bundle either?
Yes, that is exactly the way to go. To quote Yoda (and he would
know): Do, or
Do, or do not. There is no try.. Or, in contemporary words: do things
100% properly, but if that is not possible, take a step back and spare
the world some half arsed attempt.
It sounds nice, but from the practical point of view you can't make sure
code is 100% tested and 100% secure. There
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
Ezequiel Gutesman wrote:
Going back to Stefan's example:
$sql['id'] = mysql_real_escape_string($_GET['id']);
$query = SELECT * FROM table WHERE id=.$sql['id']
It is true that GRASP won't raise an alarm unless $sql['id'] has
non-numeric
I have failed the state the goal and not the task rule, sorry.
So, my goal is to pass a variable number of arguments of which some
could be references. I believed that this needs calltime by-ref calls
but obviously need. For func_get_arg, a simple flag could suffice. For
func_gets_args, I do not
That would serve my purpose, as long as i can inherit methods and
properties from multiple parents.
On Mon, 2007-11-19 at 23:09 +0100, Arnold Daniels wrote:
It would probably better to implement something like prototyping,
where there is only 1 parent, but there can be muliple prototype
On 19.11.2007, at 21:09, Hans-Peter Oeri wrote:
FETCH_2D is the core of my proposal. It's like the
ATTR_FETCH_TABLE_NAMES, enhanced in arrays. Columns are to be found on
the second level:
$result[tablename][columname]
Not sure how real world useful this is. What I have seen more is a
need
That would serve my purpose, as long as i can inherit methods and
properties from multiple parents.
Sorry if it is off to this list. Sam maybe you should check some PHP
mixins implementation:
http://www.symfony-project.org/book/1_0/17-Extending-Symfony#Mixins
On 20.11.2007, at 00:47, Lukas Kahwe Smith wrote:
On 19.11.2007, at 21:09, Hans-Peter Oeri wrote:
FETCH_2D is the core of my proposal. It's like the
ATTR_FETCH_TABLE_NAMES, enhanced in arrays. Columns are to be
found on
the second level:
$result[tablename][columname]
Not sure how real
Do, or do not. There is no try.. Or, in contemporary words: do
things 100% properly, but if that is not possible, take a step back
and spare the world some half arsed attempt.
It sounds nice, but from the practical point of view you can't make
sure code is 100% tested and 100% secure.
Yes, that is exactly the way to go. To quote Yoda (and he would
know): Do, or do not. There is no try.. Or, in contemporary
words: do things 100% properly, but if that is not possible, take a
step back and spare the world some half arsed attempt.
This makes no sense to me. There is nothing
Lukas Kahwe Smith wrote:
On 19.11.2007, at 14:24, Alexey Zakhlestin wrote:
On 11/19/07, Lukas Kahwe Smith [EMAIL PROTECTED] wrote:
On 19.11.2007, at 14:05, Alexey Zakhlestin wrote:
On 11/19/07, Lukas Kahwe Smith [EMAIL PROTECTED] wrote:
I think the point of Stas reply was to use self::
Lukas Kahwe Smith wrote:
actually i do not think this is obviously more intuitive than what we
currently have. also that would introduce BC issues. so i think adding
some new magic constants (if they are not yet added) would probably
solve the situation more or less, plus you have self:: if
Stanislav Malyshev wrote:
in that situation A::find(); would not be able to know it was being
called by B::find() because parent:: is considered an explicit class
name reference.
It will be, just not by means of parent::.
I am missing somethingthen by what means?
--
PHP Internals -
Stanislav Malyshev wrote:
in that situation A::find(); would not be able to know it was being
called by B::find() because parent:: is considered an explicit class
name reference.
It will be, just not by means of parent::.
I am missing somethingthen by what means?
By means of using
parent::test();
What do you want parent::test() to mean?
This will echo 'A'. So like I said you have no way here of telling that
B:: was used.
Because it wasn't. parent::test() means A::test(). 'parent::' means
'parent class of the class where this statement is' in PHP. For B, it's
Stanislav Malyshev wrote:
parent::test();
What do you want parent::test() to mean?
This will echo 'A'. So like I said you have no way here of telling that
B:: was used.
Because it wasn't. parent::test() means A::test(). 'parent::' means
'parent class of the class where this
Hey David,
David Zülke schrieb:
bother us, at least they have been warned). But some implicit guessing
magic that, once again, means people are gonna switch their brains off -
please not.
Frankly, I don't care about people that switch their brains off. If one
doesn't care about security, or
58 matches
Mail list logo