There appears to be a Validate package in Pear that I'm interested in useing in production. Our site has about 20M uniques across 10 languages, so as part of due diligence, thought I'd asked around here.
Does anyone have any experience with this PEAR package?
Is it ready for production?
Here's the Validate package in question: http://pear.php.net/package/Validate
Intro: http://pear.php.net/manual/en/package.validate.validate.php
Bugs (only 78 ever filed...) http://pear.php.net/bugs/search.php?cmd=display&package_name[]=Validate&status=All
Judging by the revision number and the revision title. (0.8.2 (Beta)) i would say no. Personally i would advice against using any Beta product in production, though there are many cases that it worked out fine (stackoverflow for example). Though you are always running a risk of something happening.
The validate functions have been around a long time - some since 2003. I wouldn't worry too much about the beta tag, but I am still paranoid about code - so write tests for yourself, and don't upgrade the PEAR library on your systems without testing.
Even better - consider integrating the PEAR code you use into your own code-base rather than depending on the system PEAR library that can be upgraded separately.
you can make your own pear install (ie one that isn't system wide) - so you don't have to worry about any interdependencies when you upgrade - let the pear installer figure that out for you.
this is better than simply copying the code of pear packages into your own repo - what would you do if you miss a cricual bug fix released after you've inserted those pear packages that you're using into your revision control system?
honestly the validate package should be taken out of beta - it's been stable other than in name for a very long time.
I'd strongly advise against integrating the PEAR code you use into your own code-base. What happens then if a new version of one of the PEAR packages you use is released to fix security issues and there are multiple dependencies from that package onto others? Do you download the new versions and check everything works ok and that you've not added a bug yourself by missing something?
The best thing to do, if you are paranoid of the system-wide PEAR install being compromised, is to make your own PEAR install. http://pear.php.net/manual/en/installation.shared.php would be where to start for doing this.
Then it's just a case of doing $pear upgrade [Package] rather than copying loads of files around.