Blue PHP ElePHPant plush toys are so yesterday. Ben Scholzen (you might know him as DASPRiD on IRC/Twitter) is now taking pre-orders for green Zend Framework ElePHPants. Yes, they are green. Yes, they have “ZF” printed on them. No, they are not a repository of Zend Framework knowledge. We tried really hard, but Intel insists that magical toys from the future are not real. Thank you for getting my hopes up, Mimzi. Stupid rabbit.
Ben needs to reach a minimum production order of 1000 small ZF ElePHPants and is currently hovering at around 200 after the weekend. If you, your user group, or your pet poodle want one of these, visit Ben’s pre-order page for more information.
The ZF ElePHPant is great for numerous reasons. Once you’ve finished admiring it, you can place it anywhere on your desk. It can sit on your monitor, on a stack of programming books, or dangling from some string to distract the cat which tramples all over your keyboard sending embarrasing emails in search of ear scratching. Cats are easy.
Due to production issues, Gamma Ray exposure will also result in a surplus of large green ZF ElePHPants for those with gigantic desks or pet tigers. We are not responsible for anything that occurs if you anger the ElePHPant.
A short time ago today, I submitted a PHP RFC for discussion which proposes adding an SPL Escaper class and, quite possibly, a related set of functions dedicated to escaping data for output to HTML/XML to PHP.
Programmers would have one perfect option that clears up the confusion, ignorance and poor practices that are evident throughout PHP’s community.
You’d just have to remember to use it .
Zend Framework 2.0 and Symfony 2′s Twig are already using the userland version of this RFC written in PHP. That’s great if you use those frameworks. Everyone else, including those with far less awareness of good security practices, are better off with a faster core PHP implementation which can be used by every framework, library and application with minimum effort. Let’s make escaping the right way easy.