Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:117219
Return-Path: <craig@craigfrancis.co.uk>
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 2864 invoked from network); 2 Mar 2022 15:03:38 -0000
Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5)
  by pb1.pair.com with SMTP; 2 Mar 2022 15:03:38 -0000
Received: from php-smtp4.php.net (localhost [127.0.0.1])
	by php-smtp4.php.net (Postfix) with ESMTP id C1E78180539
	for <internals@lists.php.net>; Wed,  2 Mar 2022 08:25:07 -0800 (PST)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net
X-Spam-Level: 
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,HTML_MESSAGE,RCVD_IN_DNSWL_NONE,
	RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS autolearn=no
	autolearn_force=no version=3.4.2
X-Spam-ASN: AS15169 209.85.128.0/17
X-Spam-Virus: Error (Cannot connect to unix socket
	'/var/run/clamav/clamd.ctl': connect: Connection refused)
X-Envelope-From: <craig@craigfrancis.co.uk>
Received: from mail-lj1-f171.google.com (mail-lj1-f171.google.com [209.85.208.171])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(No client certificate requested)
	by php-smtp4.php.net (Postfix) with ESMTPS
	for <internals@lists.php.net>; Wed,  2 Mar 2022 08:25:07 -0800 (PST)
Received: by mail-lj1-f171.google.com with SMTP id bn33so3021737ljb.6
        for <internals@lists.php.net>; Wed, 02 Mar 2022 08:25:07 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=craigfrancis.co.uk; s=default;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=lXmZSpcxHiI2h5H4NrMqDHCf4lw975QsILBFXNXzFxo=;
        b=feOCrWU4ZTtI+YBKXhwMvus510agIV7OOh0U21/wdDDC1cgnDW97MMH9llZxbgkcsU
         jhRQzJRG9k3dGDo8sHNuHvFmf0Dzzmy2FWUmpBOltX5kgSPOsJX9LFz1XT+gVA1NVk+Y
         /jYp1D9CfPihKbZtPuhj2iFaC5Ngrkp+6DPgc=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=lXmZSpcxHiI2h5H4NrMqDHCf4lw975QsILBFXNXzFxo=;
        b=Nc94ez9BjDW3djtvRuAag6Av/IJ8NgLGyHY3IbzMss6Fdb+y+QlCVLNgz+hAWCAkIf
         QH47jnFepF/8coC4KZEDN3IivBGuFgXtnIS/YDq66uYt+jSmEWKuLq7SUnnWoHvc/LZd
         rIOC1P/pWNAHAJPE9iLcET8t1jys3AW35ASMnKLJu9l6zxQsaYhFudowJiNnJZOmBSnb
         AFU/7kRII4out05ttduq6DbyKOJNuVseKKPUq8j2VcLbgn6s+9Gap5Ax+ygv1DW3rOqN
         31LYjlf3GqVC7KNI/Hkxx4E70wyBeuVUnu3h9C5dEILF202zezE3/3U8D7taYCu5qTFh
         KMDg==
X-Gm-Message-State: AOAM533L/HL0ahcZaXaE5eQ/q6D68mdbwuiyt5qg8spnapzohuxIByt8
	0h3VCXr28M2hniBnuGDf7shSwQoaMIp6BmFW3GtCKg==
X-Google-Smtp-Source: ABdhPJwiXw18u1vKyKEWF/whHtNOmipP+Q2UBKddl9VnxfZxdPoeBQ8b9bJVmgvLhxGdEH3U8kHJwBKNVVezyFdYtkE=
X-Received: by 2002:a2e:bc11:0:b0:246:609b:8843 with SMTP id
 b17-20020a2ebc11000000b00246609b8843mr15826015ljf.27.1646238304634; Wed, 02
 Mar 2022 08:25:04 -0800 (PST)
MIME-Version: 1.0
References: <CAFv4g+Efz-V5V1uUedXpusNw6z-on=TT3kdWgC66SptSd8kB4g@mail.gmail.com>
 <CAFv4g+GDsq=w7qtSOVptEBiTTDZk2aeFCVGThVBR=0-xk=0oAA@mail.gmail.com>
 <983552d8-11f1-b5bc-fb82-148347982fda@gmx.de> <5494eaa7-2fa6-8364-9683-a2c8c9789d81@gmail.com>
 <CAC5V6gjianVuPo654_-mETYxsu0-eSo++Ez1yy81MNEcfwFq1Q@mail.gmail.com>
 <69642616-72b7-44fe-97a7-27ae03bc8fce@www.fastmail.com> <CAFv4g+F0HOgCgeUyiG06qhxQnWbVCN2aaP=a2CJT9tkbMP7kLg@mail.gmail.com>
 <7fbed755-42e2-d023-285f-39863a97f297@gmx.de> <3665C848-B4C3-4528-AEFA-02C868748AA8@cschneid.com>
 <0b5bc29d-3814-0e1d-b94a-47790019c778@gmx.de> <CAFv4g+HPm+edmgnPAGwBk=4EJxj2can--iWfgtMasrYHk6pLww@mail.gmail.com>
 <4bff3f23-a3ec-4416-f44e-1f4f5d7e0caa@gmail.com> <CAFv4g+E159xoR4hxtsay-FamCSrJN+DmodvjzYGHcd1pQFsX+Q@mail.gmail.com>
 <c51f0919-82a0-dffd-47f2-f63f144feb5f@gmx.net> <CCA1B582-AE5E-4FC1-8452-5E261F046093@craigfrancis.co.uk>
 <96d2babf-63d5-9fdb-8b95-a117247a9d21@gmx.net>
In-Reply-To: <96d2babf-63d5-9fdb-8b95-a117247a9d21@gmx.net>
Date: Wed, 2 Mar 2022 16:24:53 +0000
Message-ID: <CAFv4g+Fo4Lm_0TiPTvs3k0cc2NJ3AndgKuprjFON_1XPNky6rA@mail.gmail.com>
To: Andreas Leathley <a.leathley@gmx.net>
Cc: internals@lists.php.net
Content-Type: multipart/alternative; boundary="0000000000005d227f05d93eb916"
Subject: Re: [PHP-DEV] Allowing NULL for some internal functions
From: craig@craigfrancis.co.uk (Craig Francis)

--0000000000005d227f05d93eb916
Content-Type: text/plain; charset="UTF-8"

On Wed, 2 Mar 2022 at 15:21, Andreas Leathley <a.leathley@gmx.net> wrote:

> This is the behavior for explicit type casting (strval) and the implicit
> casting when using a variable in a string context, like echo or print.
>


But that's what the RFC is about.

Although you do raise a good point, why does `print(NULL)` not complain?

Think about htmlspecialchars(1), that integer is going to be cast to the
string '1', in exactly the same way that NULL is cast to the string ''.


This is basically just a base necessity - for example an array is
> converted to "Array". All information about the array is lost, except
> that the string is now called "Array". So would you say something like
> htmlentities should also accept array values and automatically convert
> it to the string "Array"?



Oddly, I'm fine with `htmlentities(array())` being rejected, because it has
always been rejected... and, arrays/objects cannot be easily coerced to a
simple value (null can be, and is).

My focus is about not needlessly breaking code that works, I want everyone
to upgrade to PHP 9... you will notice I'm not complaining about the fairly
easy to implement `#[ReturnTypeWillChange]`, the change for
`mysqli_report()`, or the change I made for `htmlspecialchars()` to ensure
single quotes are encoded by default... but tracing very variable from
source to sink, that is *hard*.


> It really depends on your code base... Laravel, Symfony, CakePHP,
> > CodeIgniter (the frameworks I'm familiar with) all return NULL for
> > missing GET/POST/COOKIE values, and that is a useful feature... but
> > when the developer naively passes that to any one of those listed
> > parameters, you will get a deprecation message in 8.1, and a Type
> > Error in the future... and finding all of these is incredibly hard.
>
> These frameworks change their types and signatures quite often



Yes, but, as noted, returning NULL for a missing value is useful... I
highly doubt they will change these function signatures so the default is
an empty string, and make the return value always a string.


Compared to the changes produced by frameworks this deprecation about
> string values and null seems much smaller to me.



It's a small problem today, because it's a new deprecation (note how
WordPress is just telling people to ignore it)... the problem comes when it
becomes a Fatal Error.


And I do think it is important that coercions in the language become less
> frequent rather than more frequent, also because the language does have a
> certain "role model" effect. From 7.0 until 8.1 it was a legacy effect that
> converted null to an empty string, and only for internal functions, but
> with your proposal it would be an intentional decision to start treating
> null and scalar types more interchangeably.
>


I am not making it more frequent, it's how it has ways worked (with the
oddity of user defined functions that specified parameter types); if you
don't like coercion, that's fine and good, but you should be using
`strict_types`... if PHP isn't going to support any coercion, then also
fine, but deprecate it all (and accept the consequences).

Craig

--0000000000005d227f05d93eb916--