Re: Class Static variables in double quoted string or heredoc

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, 2008-04-25 at 14:44 -0400, Eric Butera wrote:
> On Fri, Apr 25, 2008 at 2:36 PM, Robert Cummings <robert@xxxxxxxxxxxxx> wrote:
> >
> >  On Fri, 2008-04-25 at 12:25 -0600, Nathan Nobbe wrote:
> >  > On Fri, Apr 25, 2008 at 11:35 AM, Nick Stinemates <nick@xxxxxxxxxxxxxx>
> >  > wrote:
> >  >
> >  > > On Fri, Apr 25, 2008 at 01:19:58PM -0400, Robert Cummings wrote:
> >  > > >
> >  > > > I don't see how the throwing everything and the kitchen sink into double
> >  > > > quotes support caters to either of these groups. It strikes me, and of
> >  > > > course that's who matters here >:), that it caters to the messy, "I wish
> >  > > > I REALLY knew what I was doing", slovenly crowd.
> >  > > >
> >  > > > Just because a feature exists, doesn't mean you should use it!
> >  > > >
> >  > > > Cheers,
> >  > > > Rob.
> >  > > > --
> >  > > > http://www.interjinn.com
> >  > > > Application and Templating Framework for PHP
> >  > >
> >  > > Agree, and couldn't imagine working with someones code where they
> >  > > liberally use these types of lazy things. I like structured, ordered
> >  > > code, and, somehow, using something like this technique doesn't seem
> >  > > structured or ordered.
> >  >
> >  >
> >  > to each his own; as i said personally, i consider those *more* structured
> >  > than the concatenation operator, when they work ;)  but anyway, i got lured
> >  > into the argument for parsing variables and function calls in double
> >  > quotes.  i have been arguing for the $className::$staticMember
> >
> >  Well, I certainly don't have a problem with $className::$staticMember.
> >  But then, we ween't talking about that, were we! :)
> >
> >
> >  > i piggybacked into this conversation because of a lack of response on a
> >  > previous post from this week.  and just to pour gas on the fire, if you guys
> >  > want to know a syntactic sugar feature i avoid like the plague, its the
> >  > ternary operator!
> >
> >  I find it succinct for short evaluations... such as getting a $_GET
> >  entry whether it exists or not.
> >
> >
> >  Cheers,
> >  Rob.
> >  --
> >  http://www.interjinn.com
> >  Application and Templating Framework for PHP
> >
> >
> >
> >
> > --
> >  PHP General Mailing List (http://www.php.net/)
> >  To unsubscribe, visit: http://www.php.net/unsub.php
> >
> >
> 
> You know... this topic hasn't been approached from the security angle
> either.  Best practices indicates all output should be properly
> escaped based on the context it is going to be used in.  So unless
> that whole string is going to be escaped or a strong application level
> filter using ext/filter is in place this should really be broken into
> printf("Welcome %s",
> htmlspecialchars(session::$user_info['user_name'], ENT_QUOTES));,
> right?  ;D

Why would anyone use htmlspecialchars() on a shell script?

>:)

Cheers,
Rob.
-- 
http://www.interjinn.com
Application and Templating Framework for PHP


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux