Revolutionary Input Validation

From the amusing PHP Manual Masterpieces, we have a function that combines my two favourite pastimes – date operations and using PHP!

int frenchtojd ( int $month , int $day , int $year )

Converts a date from the French Republican Calendar to a Julian Day Count. These routines only convert dates in years 1 through 14 (Gregorian dates 22 September 1792 through 22 September 1806). This more than covers the period when the calendar was in use.

I like the entry on frenchtojd particularly because of the virtually glossed-over:

Notice, however, that the documentation does not say what happens if you pass in invalid data [..] I’d try to find out empirically, but my online PHP shell has actually disabled this function for vague “security reasons.”

He’s ranting about the core library, but practically takes it as read that random subsets of PHP may or may not be available on whatever hosting provider you happen to be using? Is this problem just minor background noise compared to everything else?

(Has anyone tried to make a sane (and necessarily slightly incompatible) fork of PHP that actually has a “parser” and a “grammar” and other incredibly advanced compsci concepts? Something that would let people write a subset of the language that would actually be understandable?)

On the bright side, maybe the rise of nginx will lead to the downfall of PHP. Right now it occupies a privileged position as the unofficial Apache scripting language, but using nginx you can only call PHP through fastcgi, where it has the same overhead as everything else, and has to compete on features.

Published by Tom Insam

programming / london / san francisco / bacon

Leave a comment

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s