Tom Insam

Revolutionary Input Validation

From the amusing PHP Manual Masterpieces, we have a function that combines my two favourite pastimes - date operations and using PHP!

int frenchtojd ( int $month , int $day , int $year )

Converts a date from the French Republican Calendar to a Julian Day Count. These routines only convert dates in years 1 through 14 (Gregorian dates 22 September 1792 through 22 September 1806). This more than covers the period when the calendar was in use.

I like the entry on frenchtojd particularly because of the virtually glossed-over:

Notice, however, that the documentation does not say what happens if you pass in invalid data [..] I’d try to find out empirically, but my online PHP shell has actually disabled this function for vague “security reasons.”

He’s ranting about the core library, but practically takes it as read that random subsets of PHP may or may not be available on whatever hosting provider you happen to be using? Is this problem just minor background noise compared to everything else?

(Has anyone tried to make a sane (and necessarily slightly incompatible) fork of PHP that actually has a “parser” and a “grammar” and other incredibly advanced compsci concepts? Something that would let people write a subset of the language that would actually be understandable?)

On the bright side, maybe the rise of nginx will lead to the downfall of PHP. Right now it occupies a privileged position as the unofficial Apache scripting language, but using nginx you can only call PHP through fastcgi, where it has the same overhead as everything else, and has to compete on features.