From: Alex B. <en...@tu...> - 2001-05-26 23:47:51

btw: everyone thank Nico, because of his _excellent_ code, I am very very nearly done with the Lang class. (on that note, has anyone had trouble with session_is_registered always returning true? agh!)

> Ideally, you'd still keep both - so you could POST to
> foo.com/something/param1/param2
>
> and get the params as GET and your POSTed stuff as POST.

correct.

> But that's not why I write...
>
> We've put together something similar to bc, and had to make the same decision
> a while ago, and it's something we enforce - no option to turn globals on -
> actually, I don't care if they're on, no code references anything by globals.
> This was fine for the core of us using it, and caused consternation when
> someone new came on board who wasn't used to it. And I remember hating it in
> ASP a few years ago.

Right, which is why I will _only_ require people that want to _distribute_ modules with binarycloud to use Request. But I will encourage the hell out of turning off register_globals. If the idea of using $Request->GetVar('foo'); is foreign, you can keep register_globals = on and not have a problem. I will likely have it on in the distro php.ini so people aren't confused when they do an install. But, for security, it's pretty bad to keep it on :)

> foo.com/index.php?bar=cow
>
> having $bar=="cow" *automatically* was one of the big selling points of PHP
> back then. But as we've noticed throughout the years, and Alex points out
> again, security is a concern with this. And forcing this kind of structure on
> to an application can only help as it gets bigger. Also, another neat thing
> we've been able to do easily (not that it couldn't be done with
> HTTP_POST_VARS, etc) is log request data. In one app, we log all incoming POST
> data - it helped for debugging, and we just left it in. It helps occasionally
> troubleshoot problems we have with user errors ("I didn't make that purchase!"
> - well, the POST data from your IP at that time shows you did, etc.) Overkill
> for most apps, yes, but imposing these kinds of structures can really be
> helpful. Wow, maybe ASP had a redeeming quality? ;)

yes, exactly. you can easily extend request to keep an _auditable_trail_ of _every_single_thing_ever_ that comes into the app :) now, for joe bob's beer mart, this is probably not a big concern, for some other people I know... yeah.. bigtime.

-alex
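As an added illustration (not binarycloud's own code, nor anything posted in this thread), a minimal Request class in the spirit of the `$Request->GetVar('foo')` usage discussed above: it reads parameters only from the superglobals, so an application keeps working with register_globals = off, and it appends every incoming request to a log so the audit trail described in the thread exists no matter which variables a page reads. The class name and `GetVar` follow the message's wording; the constructor signature, the log format and the log path are assumptions.

```php
<?php
// Added example, not binarycloud code. A Request wrapper that (a) makes every
// parameter lookup explicit and (b) records the raw request for later audit.
class Request
{
    private array $get;
    private array $post;

    public function __construct(array $get, array $post, string $logFile)
    {
        $this->get  = $get;
        $this->post = $post;
        // One JSON line per request: timestamp, client address, method, URI and
        // the decoded GET/POST payloads. In a real deployment, mask passwords
        // and other secrets before writing (assumed absent in this example).
        $record = [
            'time'   => date('c'),
            'ip'     => $_SERVER['REMOTE_ADDR'] ?? 'cli',
            'method' => $_SERVER['REQUEST_METHOD'] ?? 'cli',
            'uri'    => $_SERVER['REQUEST_URI'] ?? '',
            'get'    => $get,
            'post'   => $post,
        ];
        file_put_contents($logFile, json_encode($record) . "\n", FILE_APPEND | LOCK_EX);
    }

    // Explicit lookup with an explicit default. POST takes precedence over GET;
    // a missing parameter yields $default rather than whatever happened to be
    // injected into the global namespace by register_globals.
    public function GetVar(string $name, $default = null)
    {
        if (array_key_exists($name, $this->post)) {
            return $this->post[$name];
        }
        if (array_key_exists($name, $this->get)) {
            return $this->get[$name];
        }
        return $default;
    }
}

// Usage: with register_globals on, any variable a script forgets to initialise
// can be pre-set by the request. Through Request, values are only ever read
// where the code asks for them, and local state is initialised by the code.
$Request    = new Request($_GET, $_POST, __DIR__ . '/request.log');
$authorized = false;                       // set only by application logic
$item       = $Request->GetVar('item', 'none');
echo "item=$item authorized=" . ($authorized ? 'yes' : 'no') . "\n";
```

The log written by the constructor is what makes the "POST data from your IP at that time" lookup mentioned in the quoted message possible without any per-page logging code.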