Re: php to do input validation...

[Kevin Carlson <kevin () kcarlson net>]

Only if it can do things not easily accomplished otherwise.

I generally clean up user input using preg_replace and regular 
expressions.  That's just one extra line of code and arguably more 
self-documenting than adding more parameters to other functions, or 
creating new ones....

Kevin


Matthew Wirges wrote:

> I thought this was interesting...
>
> http://news.php.net/php.internals/14474
>
> Turns out that there may be input filtering in PHP's future. Maybe 
> even in the next release of 5.x.  Read that thread for more information.
>
> My question for webappsec, is do you think its a good idea for a 
> programming language to add this sort of functionality?  Does it 
> coddle users?  Does it give a false sense of security (especially if 
> they aren't implemented right)?  Or do the positives outweigh the 
> negatives?
>
> Cheers,
> -matt