Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:121505
Return-Path: <craig@craigfrancis.co.uk>
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 82363 invoked from network); 29 Oct 2023 11:02:38 -0000
Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5)
  by pb1.pair.com with SMTP; 29 Oct 2023 11:02:38 -0000
Received: from php-smtp4.php.net (localhost [127.0.0.1])
	by php-smtp4.php.net (Postfix) with ESMTP id 50C4A180212
	for <internals@lists.php.net>; Sun, 29 Oct 2023 04:02:37 -0700 (PDT)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net
X-Spam-Level: 
X-Spam-Status: No, score=-0.2 required=5.0 tests=BAYES_40,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,HTML_MESSAGE,RCVD_IN_DNSWL_NONE,
	RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE
	autolearn=no autolearn_force=no version=3.4.2
X-Spam-ASN: AS15169 209.85.128.0/17
X-Spam-Virus: No
X-Envelope-From: <craig@craigfrancis.co.uk>
Received: from mail-ed1-f48.google.com (mail-ed1-f48.google.com [209.85.208.48])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256)
	(No client certificate requested)
	by php-smtp4.php.net (Postfix) with ESMTPS
	for <internals@lists.php.net>; Sun, 29 Oct 2023 04:02:36 -0700 (PDT)
Received: by mail-ed1-f48.google.com with SMTP id 4fb4d7f45d1cf-53fc7c67a41so9588112a12.0
        for <internals@lists.php.net>; Sun, 29 Oct 2023 04:02:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=craigfrancis.co.uk; s=default; t=1698577355; x=1699182155; darn=lists.php.net;
        h=to:subject:message-id:date:from:mime-version:from:to:cc:subject
         :date:message-id:reply-to;
        bh=8kyTPxOq5xNlQ9lxE9t7WR//jCL6CBZ6wLqP4i3aElw=;
        b=Cx7qOnrXzmBu+UFS/Ivvcicxp7II6Vj5646XcY8SYL4DP72dVQQuaSRXXbnZB62/B0
         TJmpkbi2RM4Ei88UsCE0iISrEdW3f3vdcvDidniFqqhE4k0P98sc4wpojDEikpT5Oju3
         hlrWraYlXNx1EP6gJOQpN4MYy/lA83C1iuYBQ=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1698577355; x=1699182155;
        h=to:subject:message-id:date:from:mime-version:x-gm-message-state
         :from:to:cc:subject:date:message-id:reply-to;
        bh=8kyTPxOq5xNlQ9lxE9t7WR//jCL6CBZ6wLqP4i3aElw=;
        b=dKyZ4NLa/4kzCQt6tWRblPSl2TiEXcDxdJGrn9M+HmQpJ1xtbdUjaiihhjYw4CmJtU
         BrJ8t2mfJhM+v/oRaEiPKaUmr0SOk55RzNB/AViQQjQG8BJgbKXabIj81vG3RbSOtm6m
         FvhhX5y/I38Nb1qmfzgZO2OcTAut7w2iw54Xe6T6qXd4YLVEuDufC8KXNo4k+zDXc6us
         8ku4Nfd81ZVIQ1fv+0C18xClP2hqLqN1XPt6gNdEoNhrrsfsrcdNoLRQ0M/yo8QP0HaW
         x4oz+G4GNN4kTEpzlrJDWb7kl7o3f26a+NB20PPBluNOoXCk/5euxeeG3Z1zoZit5MpV
         pryA==
X-Gm-Message-State: AOJu0Ywu2ANWjsTz7y/t/w3PioyOvSzqsb/31Ht5bVgE8P4nxyIwik1K
	055d3RRidg3+/L/CiM/vHfLUyEiwBnzkS6a4Er6y9P9eg+VyQmevm2BQ2w==
X-Google-Smtp-Source: AGHT+IHi9AP78fpDBtZLKA6+V2y9n73NwslBjNDky0C11Ne3UrtHwhu8CDV9NHuWnPnRP5sqGatwMwXiudt9609KnQA=
X-Received: by 2002:a50:ccde:0:b0:542:ff1b:6c7a with SMTP id
 b30-20020a50ccde000000b00542ff1b6c7amr1420398edj.9.1698577354933; Sun, 29 Oct
 2023 04:02:34 -0700 (PDT)
MIME-Version: 1.0
Date: Sun, 29 Oct 2023 11:02:24 +0000
Message-ID: <CAFv4g+EqzB7whakuN-sr6YL2ih9xhHPzCsvTsEgJKMXBh9H9wQ@mail.gmail.com>
To: PHP internals <internals@lists.php.net>
Content-Type: multipart/alternative; boundary="000000000000dd5e950608d8db01"
Subject: Passing null to parameter
From: craig@craigfrancis.co.uk (Craig Francis)

--000000000000dd5e950608d8db01
Content-Type: text/plain; charset="UTF-8"

Hi Internals,

I'm getting really annoyed at the "Passing null to parameter" problem, and
it happens with new code as well.

I know you have distain for websites that don't use strict types, or static
analysis at the strictest level, but yesterday I was working on a 15 year
old website, it still works well, it uses PHP as a simple scripting
language... because the payment gateway returns a user to the websites
thank-you page with a POST request, and customers leave this page open,
browsers complain (asking to re-submit data), so I just needed to change it
to a GET request, with the order reference in the URL, so I stupidly added
this:

```
if (($_SERVER['REQUEST_METHOD'] ?? '') == 'POST') {
  redirect('/thank-you/?ref=' . urlencode($ref));
}
```

I didn't realise the payment gateway doesn't always provide the order
reference, so the function to get the $ref from the POST request returns
NULL... at the moment that's just an annoying deprecation, but does it
really need to become a fatal error in PHP 9?

Should I be using Rector to update this to `urlencode((string) $ref)`?

Keep in mind, we can still compare NULL to an empty string, concatenate
NULL onto a string, add NULL to an integer/float, and echo/print/sprintf
NULL, we can even use NULL for an array key (as in, it get coerced to an
empty string)... and type coercion happens in other contexts as well, e.g.
passing the string "5" to an integer argument... but NULL will be special,
and cause a fatal type error? really?

Craig

--000000000000dd5e950608d8db01--