Newsgroups: php.internals
Xref: news.php.net php.internals:115005
Date: Tue, 22 Jun 2021 09:53:35 +0100
From: Danack@basereality.com (Dan Ackroyd)
To: Thomas Nunninger
Cc: Joe Watkins, Craig Francis, PHP internals, Matthew Brown
Subject: Re: [PHP-DEV] [RFC] is_literal

On Mon, 14 Jun 2021 at 14:27, Thomas Nunninger wrote:
> Only some (infrastructure or
> end-to-end) test that covers the business logic plus the corresponding
> infrastructure by accident would uncover an error.

I think testing will be much less of an issue than you might expect, but partly only if string concatenation doesn't carry the flag around.

The whole point of the idea of literal strings is to make it be easier to write some code that:

i) is safe.
ii) can be reasoned about at scale.

Passing bare strings around is not so great for either of those things. You have to manually remember "this is a string that is intended to be used in a particular way."
And doing that in a large code base, when your engineering department is large enough to work in separate teams, is particularly difficult.

Instead of using bare strings, using a more specific type e.g. HtmlAttribute::fromString('#fff'); and then passing that around would be much easier to reason about.

Similarly for the thoughts about concatenating numbers into strings. Yeah, people might think they want that, but in practice using an SQL builder that allows you to put the number in the right place like:

    $sqlBuilder->add('SELECT * FROM foo LIMIT %d', FIXED_LIMIT);

And then predictably, when the request comes in to allow users to set their own limit, changing it to:

    $sqlBuilder->add('SELECT * FROM foo LIMIT %d', $_GET['limit']);

Doesn't take any time to refactor the code, because it's already using an appropriate library that handles variables correctly.

cheers
Dan
Ack
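
An added example, not part of Dan Ackroyd's message and not taken from any real library: a hypothetical SqlBuilder whose add() matches the call shape in the message. It turns each %d into a bound integer parameter, so replacing FIXED_LIMIT with request input needs no change at the call site. The class, its sql() and params() methods, the FIXED_LIMIT value and the sample inputs are assumptions (PHP 8.0+).

```php
<?php
declare(strict_types=1);

// Hypothetical builder: only the add('... %d', $value) call shape comes from the message.
final class SqlBuilder
{
    private array $parts = [];
    private array $params = [];

    public function add(string $template, mixed ...$values): self
    {
        $chunks = explode('%d', $template);
        if (count($chunks) - 1 !== count($values)) {
            throw new InvalidArgumentException('placeholder/value count mismatch');
        }
        $sql = array_shift($chunks);
        foreach ($chunks as $i => $chunk) {
            $this->params[] = self::toInt($values[$i]); // value never enters the SQL text
            $sql .= '?' . $chunk;
        }
        $this->parts[] = $sql;
        return $this;
    }

    private static function toInt(mixed $value): int
    {
        // Accept ints and decimal-digit strings; arrays, null and trailing text all fail.
        $int = filter_var($value, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
        if ($int === false) {
            throw new InvalidArgumentException('not a non-negative integer');
        }
        return $int;
    }

    public function sql(): string { return implode(' ', $this->parts); }
    public function params(): array { return $this->params; }
}

const FIXED_LIMIT = 20; // constructed value
// Constructed stand-ins for $_GET['limit']: a clean value, trailing SQL, and ?limit[]=5.
$inputs = [FIXED_LIMIT, '5', '5; DROP TABLE foo', ['5']];
foreach ($inputs as $limit) {
    try {
        $b = (new SqlBuilder())->add('SELECT * FROM foo LIMIT %d', $limit);
        printf("%s  params=%s\n", $b->sql(), json_encode($b->params()));
    } catch (InvalidArgumentException $e) {
        printf("rejected %s: %s\n", json_encode($limit), $e->getMessage());
    }
}
```

The statement returned by sql() would be passed to a prepared-statement API with the values from params() bound as integers.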