Are these API's not stable? What I'm thinking might resolve a lot of
the fuss here is that we DO implement what is suggested below. It
would be extremely useful, and it would really promote safe coding,
which should be a goal should it not?
On 3/15/07, Matthew Weier O'Phinney <
matthew@...> wrote:
> -- Rob Allen <
rob@...> wrote
> (on Thursday, 15 March 2007, 10:01 AM +0000):
> > Ed Finkler wrote:
> > > More disturbing, though, is the total removal of the Zend_Filter_Input
> > > component from the ZFW. ZFI was a very effective tool for limiting
> > > access to user input arrays like $_POST and $_COOKIE, wrapping them in
> > > an object and forcing the developer to use object methods to access the
> > > data.
> >
> > I really liked Zend_Filter_Input too because it made the "safe" way the
> > easiest way. Usually in PHP, the easiest way is the most dangerous way
> > and ZFI was the first time I had seen a solution that reversed that.
> > (e.g. Zend_View provides an escape() function rather than an asRaw()
> > function)
> >
> >
> > Moving forward from where we are at the moment, I'd like to see a way of
> > integrating filtering into the request object so that I could do:
> >
> > $searchTxt = $this->_request->getFilteredParam('searchTxt','StripTags');
> >
> > or something similar so that my controller code is less verbose.
>
> I've been waiting to do any filter integration until after Zend_Validate
> and Zend_Filter stabilized. I expect you will start seeing this kind of
> integration post-1.0; I've already got it on my roadmap.
>
> --
> Matthew Weier O'Phinney
> PHP Developer |
matthew@...
> Zend - The PHP Company |
http://www.zend.com/>
