Zend_Filter Reviewed on SitePoint

28 Mar 2006

Maarten Manders graciously took the time to review the Zend_Filter component of the Zend Framework. I think criticism and public discussion are healthy. Unfortunately, I don't have time to offer a very detailed response, but I'll try to remedy that with a follow-up post later in the week.

One thing worth noting is that Zend_Filter was extracted from Zend_InputFilter shortly before the preview release. Because Zend_InputFilter provides such a rigid approach to input filtering, some contributors pointed out that it does not provide enough flexibility for simple cases, such as filtering an argument passed to a method. (Discussions have taken place on the mailing list about whether such granular error checking is beneficial.) To remedy this, I decided to separate the filtering methods from the input filtering framework that uses them.

Zend_Filter is far from impressive, in my opinion, because it's simply a library of static methods for filtering data. (I do think the naming convention is more consistent than alternatives.) Combined with Zend_InputFilter, however, it offers a much more structured approach to input filtering, and I think it's a big step in the right direction toward more secure PHP programming.

I should really explain Zend_InputFilter in more detail, but since I'm pressed for time, here are some quick responses to Maarten's specific comments:

I'd like to thank Maarten for taking the time to compose his thoughts and impressions, and I'd also like to thank everyone who has done the same on the mailing lists.