What does this nonsense reply even mean? Nobody is talking about one-size-fits-all. People are talking about mitigating some stupid default behavior in a language. The suggestion "You're doing it wrong" just feeds into his point (that you can even get something this straightforward wrong in the first place indicates, maybe, you should put a fence there to warn people).
Programmers have so much Stockholm syndrome it's unbelievable.
> I would love to be able to say ini_set('sanitize_rest', true) and deal with errors that might result from that knowing at least the strings are safe.
How is a magic ini setting to "make strings safe" not a one-size-fits-all?
> People are talking about mitigating some stupid default behavior in a language.
What stupid default behaviour? Giving you data as it's received and tools to validate/sanitize it as required?
Programmers have so much Stockholm syndrome it's unbelievable.