RE: [PHP-DEV] Re: Proposal

2001-07-30 Thread Marc Boeren 


> >accept_globals("GPC", 'user', 'password', 'value_*', 'more');

> I think that this is a clear example of "the enemy of good is 
> the even better" (I'm not sure how well this translates to 
> English :). 

Good enough to get your point :-)

> behavior only prefixed, use import_globals("GPC", "form_").  
> KISS should be our guiding light here.

As I said, I like that proposal. I say go for it.

I still like accept_globals better, though :-)

Cheerio, Marc.

-- 
PHP Development Mailing List 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

RE: [PHP-DEV] Re: Proposal

2001-07-30 Thread Zeev Suraski 

At 01:07 30/07/2001, Marc Boeren wrote:

>Hi,
>
> > force a prefix onto the variable name.  I.e.,
> > import_globals("GPC", "form_");
>
>I like this idea (the whole idea of import_globals is good, I think, but I'd
>rather call it accept_globals, but more on that later :), only this would
>make it difficult to actually differentiate between get, post and cookie,
>needing import_globals("G", "get_"); import_globals("P", "post_"); and
>import_globals("C", "cookie_"); if that was needed.
>
>I would like to see it implemented something like
>
>accept_globals("GPC", 'user', 'password', 'value_*', 'more');
>
>where you can specify both complete names and wildcards, even though I'd
>like a better range-check for the wildcard, perhaps something like
>value_[0..12].

I think that this is a clear example of "the enemy of good is the even 
better" (I'm not sure how well this translates to English :).  We need to 
keep this function simple, and that way, it clearly isn't.  If you want 
three different scopes, use 3 calls.  If you want register_globals-like 
behavior only prefixed, use import_globals("GPC", "form_").  KISS should be 
our guiding light here.

Zeev


-- 
PHP Development Mailing List 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP-DEV] Re: Proposal

2001-07-30 Thread Ramsi Sras 


UNSUBSCRIBE ME PLEASE!!
"Jeffrey A.Stuart" schrieb:
I like this proposal a LOT!  See, what I and
a few of my friends have recently
been doing is starting to teach PHP to website owners.  And they
have all been
taking to it VERY WELL!!!  (Actually Rasmus, you may remember
this.  You were
interviewed by TDavid of Scriptschool about 8 months or so ago I think
it was.
(I'm FurBall FYI. :)) Well, he sat down and did a 16 week course late
last
year on PHP.  It was VERY well recevied by many people!) 
So more and more non
programmers are starting to use PHP.  This proposal will allow
them to
"relativly" painlessly migrate their code to a safer way of coding.
On Sat, 28 Jul 2001 22:17:42 -0700 (PDT), [EMAIL PROTECTED] (Rasmus Lerdorf)
wrote:
[...text of proposal deleted...]
--
Jeff Stuart
[EMAIL PROTECTED]
--
PHP Development Mailing List 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

RE: [PHP-DEV] Re: Proposal

2001-07-30 Thread Marc Boeren 


Hi,

> force a prefix onto the variable name.  I.e.,
> import_globals("GPC", "form_");

I like this idea (the whole idea of import_globals is good, I think, but I'd
rather call it accept_globals, but more on that later :), only this would
make it difficult to actually differentiate between get, post and cookie,
needing import_globals("G", "get_"); import_globals("P", "post_"); and
import_globals("C", "cookie_"); if that was needed.

I would like to see it implemented something like

accept_globals("GPC", 'user', 'password', 'value_*', 'more');

where you can specify both complete names and wildcards, even though I'd
like a better range-check for the wildcard, perhaps something like
value_[0..12].

About accept_globals, I think that a newbie might see import_globals as a
necessary step to get things to work (which it is), and not think about it
any more. If you alter the function name, people might think a bit more?

import_globals: 'OK, if I want to use this variable, I need to import it'
accept_globals: 'OK, if I accept this variable, I must also check its
validity'

To be honest, I would like accept_user_globals even better...

Just another 2 cents :)


Cheerio, Marc.

-- 
PHP Development Mailing List 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP-DEV] Re: Proposal

2001-07-29 Thread Zeev Suraski 

Note again that we should not see this change for what it isn't - it *is* 
going to be a painful move for those who actually do it.  The reason for 
this is that register_globals=on silently encouraged writing of faulty 
code.  In turn, this means that people would have to go over their code in 
order to fix these issues, and no automated way of any kind can help.  The 
import_globals with prefix globbing can make the migration slightly less 
painful, because you can just add a common prefix to all of your variables 
instead of converting them to array index references, but you still have to 
go over all of your code if you actually want to review it for this issue.

That said, as I've been arguing in the last few days, this change is well 
worth the pain it'd cause.

As a matter of fact, I think that the easiest API would actually be instead 
of a prefix globbing, the 2nd argument of import_globals() would actually 
force a prefix onto the variable name.  I.e.,

import_globals("GPC", "form_");

would register all of the GPC variables with a form_ prefix, e.g.,  will end up being
$form_foo

import_globals("GPC", "");
would work, but generate an E_NOTICE

I think that would actually be easier than the pattern matching approach, 
because using this method, the users only have to change their form 
handling scripts, whereas using the glob approach, they also have to change 
their forms.

Zeev


At 04:20 29/07/2001, Jeffrey A.Stuart wrote:
>I like this proposal a LOT!  See, what I and a few of my friends have recently
>been doing is starting to teach PHP to website owners.  And they have all been
>taking to it VERY WELL!!!  (Actually Rasmus, you may remember this.  You were
>interviewed by TDavid of Scriptschool about 8 months or so ago I think it was.
>(I'm FurBall FYI. :)) Well, he sat down and did a 16 week course late last
>year on PHP.  It was VERY well recevied by many people!)  So more and more non
>programmers are starting to use PHP.  This proposal will allow them to
>"relativly" painlessly migrate their code to a safer way of coding.
>
>On Sat, 28 Jul 2001 22:17:42 -0700 (PDT), [EMAIL PROTECTED] (Rasmus Lerdorf)
>wrote:
>
>[...text of proposal deleted...]
>
>--
>Jeff Stuart
>[EMAIL PROTECTED]
>
>--
>PHP Development Mailing List 
>To unsubscribe, e-mail: [EMAIL PROTECTED]
>For additional commands, e-mail: [EMAIL PROTECTED]
>To contact the list administrators, e-mail: [EMAIL PROTECTED]

--
Zeev Suraski <[EMAIL PROTECTED]>
CTO &  co-founder, Zend Technologies Ltd. http://www.zend.com/


-- 
PHP Development Mailing List 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]