Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:107742 Return-Path: Delivered-To: mailing list internals@lists.php.net Received: (qmail 45736 invoked from network); 31 Oct 2019 17:11:40 -0000 Received: from unknown (HELO php-smtp3.php.net) (208.43.231.12) by pb1.pair.com with SMTP; 31 Oct 2019 17:11:40 -0000 Received: from php-smtp3.php.net (localhost [127.0.0.1]) by php-smtp3.php.net (Postfix) with ESMTP id B90E12CEF8C for ; Thu, 31 Oct 2019 07:59:49 -0700 (PDT) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp3.php.net X-Spam-Level: * X-Spam-Status: No, score=1.7 required=5.0 tests=BAYES_50,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FORGED_SPF_HELO,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE,SPF_HELO_PASS autolearn=no autolearn_force=no version=3.4.2 X-Spam-ASN: AS8075 40.64.0.0/10 X-Spam-Virus: No Received: from NAM04-BN3-obe.outbound.protection.outlook.com (mail-oln040092009055.outbound.protection.outlook.com [40.92.9.55]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by php-smtp3.php.net (Postfix) with ESMTPS for ; Thu, 31 Oct 2019 07:59:48 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=DSNW1hKMll+knBNyu5uY0QX80VELwVpqrdYOmh74858ZoHeeZt9DTGdESnINdyaAgVc89RzlorZPwAI6/5LXLm4tY+YTb1c/JhgdoEFlEUK9Dm9ZzDb9cRy8EHv3cJleHKDSO/CNoImlQf490eFr28ggXaC3mwAAvw55QFETPUZOJr/0Y6CpiwME0Aihzh2DSCAoJ4damcE/+qcK+aSc5xlm4rB05JnEUMcdIeZTNilZLVC5pywvA3t3ZIzF2NroyOfJhtOBR/jB5jqtcbd9eay/N3beBDYkyRY7PeIsooFHTCBpaFkBzySuDQsKcs9bArKWEGWNPK0SE1y7YKeqLA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=T3iKAwchmgTQa0T+tC3cWg2RSoAToHUzVDWu+BMxdtM=; b=ZaxBKeuhYe0LC0om0g6+Ui+CteYrw+n54ibJLQQ0b5iyQGK8e3Eo/8vwQKQLARSPKeGAm2eqf25F/JvN3jiu13yjGhNVXfN9cHzFwtJa32qFLoq+iI9qxmmDFckWLz0Cm7e4oL110mQje2IuEefXrWtJmy/Sh25gbG6j6bOoMbacLTvbfQ7jt111+p6+NGBQkLC53IXX/EAbvIqiPGjjVRJ3skqB9O2xzzAS8FoaeZS3umWSZDCWAUzd0TDLNW8rhaAdiqJV7aUdEl1L/qAD9ACBtQmK9JRJZ/ahFZpHD/yCzdox/PxPw6FahLePmL0RlLBsjbDFPDhsimIujcSpsQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=T3iKAwchmgTQa0T+tC3cWg2RSoAToHUzVDWu+BMxdtM=; b=s2xeUXFAl04sddVsiWm3cfKcYIVFVhlvdJsFBIcLe7f2DQ5AJe2UnkFnXuhBsxf/7YU2YHHNlzANI7NnHq2EY9inVnXRsDf7l7TbGmuLqC+dqF+5ZRY20ejbkS5k7PPJAtMAnz7nq/yDb+KYBoGM6mlV1apELTPfRVjPqvZSL0fK4sWBz996uKV1bVVoX6ZE5OpHCvsDSfTGjQRQEopd9bm15m3Ann0wwwS5meg6cYrfk0Yc1fSWwk1NjXbVZyFgSfDsKA5lqKGCnTNDZCo9MLxrTIy1QvJQHkfUw8X8irM+8sLdFUe9ibw7XEX06hYon+2A2bQ3aspZi9iXOgb6/A== Received: from BN3NAM04FT044.eop-NAM04.prod.protection.outlook.com (10.152.92.58) by BN3NAM04HT050.eop-NAM04.prod.protection.outlook.com (10.152.93.104) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.2387.20; Thu, 31 Oct 2019 14:59:46 +0000 Received: from DM6PR01MB4073.prod.exchangelabs.com (10.152.92.51) by BN3NAM04FT044.mail.protection.outlook.com (10.152.93.100) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2387.20 via Frontend Transport; Thu, 31 Oct 2019 14:59:46 +0000 Received: from DM6PR01MB4073.prod.exchangelabs.com ([fe80::1c7:7b51:ed3:fd36]) by DM6PR01MB4073.prod.exchangelabs.com ([fe80::1c7:7b51:ed3:fd36%7]) with mapi id 15.20.2387.028; Thu, 31 Oct 2019 14:59:46 +0000 To: Reinis Rozitis , 'PHP Internals' Thread-Topic: [PHP-DEV] [RFC] Deprecate Backtick Operator (V2) Thread-Index: AQHVfObHTKAn3OaiRE2fNwypPg53F6dQBJrCgABraYCAAAZBAIAAH6gAgABFg+s= Date: Thu, 31 Oct 2019 14:59:46 +0000 Message-ID: References: <5d976928.1c69fb81.db3a8.78daSMTPIN_ADDED_MISSING@mx.google.com> ,<000601d57dc7$ddb9e890$992db9b0$@roze.lv> In-Reply-To: <000601d57dc7$ddb9e890$992db9b0$@roze.lv> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-incomingtopheadermarker: OriginalChecksum:05F60ADF5671A5A19CE4461B0E29403F2849A37602609E3E89BC102BC252E18B;UpperCasedChecksum:0F7D5E59E4032544FBAE09342B8522129405922F03606BD6FEC119120B10252A;SizeAsReceived:7161;Count:44 x-ms-exchange-messagesentrepresentingtype: 1 x-tmn: [4zEsgy9FgJN8pR13EKpFcgoPNkn8pfPO] x-ms-publictraffictype: Email x-incomingheadercount: 44 x-eopattributedmessage: 0 x-ms-traffictypediagnostic: BN3NAM04HT050: x-ms-exchange-purlcount: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: RQDtr8KW19pvp/R9STmK50i41bORqdpipRi54G6LGxO+3yWNnbwweSP8uigySTIJBGDV04N+m8zNxx4td5k8XD9bNM8cTXKivIFmnsrK+6pwwHwM3UJWlUeYDy7V6Vb5gXFggT3T+RJSo5BChDwKEBnWQ2Km2+f7pKwyptfurgfXwjZ4CcYaXuenIr8J1qDn4W80gpYKtywXh03emb60kpLFaNT+swOAAUah+iOk7So= x-ms-exchange-transport-forked: True Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: outlook.com X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-CrossTenant-Network-Message-Id: 1900fb06-70de-4e41-1d5e-08d75e12f852 X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-CrossTenant-originalarrivaltime: 31 Oct 2019 14:59:46.3418 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Internet X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN3NAM04HT050 X-Envelope-From: Subject: Re: [PHP-DEV] [RFC] Deprecate Backtick Operator (V2) From: theodorejb@outlook.com (Theodore Brown) On Tue, Oct 8, 2019 at 6:02 AM Reinis Rozitis wrote:=0A= =0A= > Not directly related to this RFC but out of curiosity - where does=0A= > this "doing the same thing in multiple ways is confusing" comes from?=0A= > (I mean this as serious question)=0A= >=0A= > I had the impression that programming in essence is all about that -=0A= > achieving/accomplishing something/the same different ways?=0A= =0A= Of course there will always be an infinite number of logical ways to=0A= structure a program, but this is quite different from having two=0A= different syntaxes in a language that do exactly the same thing. The=0A= latter is confusing since it's no longer clear which syntax should be=0A= used. The same situation existed with the curly brace array/string=0A= access syntax, which was deprecated in PHP 7.4.=0A= =0A= To share my own experience, when I first started needing to run shell=0A= commands in PHP and came across the backtick operator, I struggled to=0A= understand the difference between it and `shell_exec`, and which=0A= should be used in different circumstances. E.g. does the backtick=0A= operator automatically escape variables? Is it faster than=0A= `shell_exec`? It also caused me to assume that `shell_exec` must be=0A= preferred for some reason over `exec` and `proc_open` since there is=0A= a dedicated syntax for it.=0A= =0A= Ultimately it made the whole process of learning how to correctly run=0A= commands from PHP a lot more confusing than it should have been.=0A= =0A= I know I'm not the only one that has been confused by it. If you look=0A= at the PHP manual page for Execution Operators [1], the top voted=0A= comment (by far) is from someone who accidentally typed a backtick=0A= into their code and had a very difficult time debugging why their=0A= script didn't work as expected.=0A= =0A= As I see it, this syntax is not only confusing, but also dangerous.=0A= A programmer coming from JavaScript might think the backticks are=0A= simply storing a string, when in fact it will be executed as a command.=0A= Furthermore, the (undocumented) ability to include variables in the=0A= command can encourage terse but insecure scripts which fail to=0A= properly escape user-supplied arguments.=0A= =0A= Theodore=0A= =0A= [1]: https://www.php.net/manual/en/language.operators.execution.php=