Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:121634
Return-Path: <craig@craigfrancis.co.uk>
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 15464 invoked from network); 10 Nov 2023 11:30:00 -0000
Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5)
  by pb1.pair.com with SMTP; 10 Nov 2023 11:30:00 -0000
Received: from php-smtp4.php.net (localhost [127.0.0.1])
	by php-smtp4.php.net (Postfix) with ESMTP id 18F2D1804B3
	for <internals@lists.php.net>; Fri, 10 Nov 2023 03:29:59 -0800 (PST)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net
X-Spam-Level: 
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,HTML_MESSAGE,RCVD_IN_DNSWL_NONE,
	RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE
	autolearn=no autolearn_force=no version=3.4.2
X-Spam-ASN: AS15169 209.85.128.0/17
X-Spam-Virus: No
X-Envelope-From: <craig@craigfrancis.co.uk>
Received: from mail-wr1-f45.google.com (mail-wr1-f45.google.com [209.85.221.45])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256)
	(No client certificate requested)
	by php-smtp4.php.net (Postfix) with ESMTPS
	for <internals@lists.php.net>; Fri, 10 Nov 2023 03:29:58 -0800 (PST)
Received: by mail-wr1-f45.google.com with SMTP id ffacd0b85a97d-32ddfb38c02so1127058f8f.3
        for <internals@lists.php.net>; Fri, 10 Nov 2023 03:29:58 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=craigfrancis.co.uk; s=default; t=1699615797; x=1700220597; darn=lists.php.net;
        h=references:to:cc:in-reply-to:date:subject:mime-version:message-id
         :from:from:to:cc:subject:date:message-id:reply-to;
        bh=Q5vFV+TLlcffp6lgtjSkCWr5EwkWT7bcfZjL8W0PuJE=;
        b=CKcHimT0ALh2+0jd5LbXWspXnOwwIFopop/1EKCKXWe3rfPQxDzDqK+ZzFrJKM6f9g
         5J94aXp0i0Wn6IdSsnrSBh8vWY0Q+y9ZzXkX5HHKGBkMLvAiHMHFW2Uejeny0584dvbt
         4rWm5h1pO+e3P9xX65yAkFCqb+N72Wf/D4DmE=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1699615797; x=1700220597;
        h=references:to:cc:in-reply-to:date:subject:mime-version:message-id
         :from:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=Q5vFV+TLlcffp6lgtjSkCWr5EwkWT7bcfZjL8W0PuJE=;
        b=ty8nWvUipwzEGthA7LaBNJ9cOBw0HLkkYTRuLCO2rhbYWMLIXTclN1VIMpqWlADr4H
         TRtPejq1bH2RtvutkaPOPjiU3sPKJAiunSzwollXUNUTA/55tPOhPqcN3mu9v3NBLLzr
         mVnihKXrOkKQ4hEWpt54xEuxy6BA9G/zYXL03bnNYt8PSHd+mJVpXj6MfGcv4EI3hOsF
         fxc2uFYP4VsjE0Avqvp3sgPyw4rvdzPgDDBHdqtzuy4jhR/p1JVLzk6g9fFE4gg+2MYF
         KZrvFyJYMjhH2VD8pb2wg2gufgCw7c9JgI1clq8hr1UUMcqC1/PDtp4ebPEQkKndaeTx
         UZCA==
X-Gm-Message-State: AOJu0Yy9CgALgABi11NvFEakQkfhx20lD0bHhhatgf1cBN4ZbfdHZgUi
	RPlIakXQh1NatIrlCINPphqwQQ==
X-Google-Smtp-Source: AGHT+IFtm5e2eiv7EwtAHw76CZ9jBtYC10Gar66zjMValJ2VeDOviNUmWOdbg3lk0E2JjBFgvMAYCw==
X-Received: by 2002:a05:6000:4e2:b0:32d:a466:48d8 with SMTP id cr2-20020a05600004e200b0032da46648d8mr6056275wrb.69.1699615796965;
        Fri, 10 Nov 2023 03:29:56 -0800 (PST)
Received: from smtpclient.apple ([92.238.103.248])
        by smtp.gmail.com with ESMTPSA id i9-20020adfe489000000b0032da8fb0d05sm1687459wrm.110.2023.11.10.03.29.56
        (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
        Fri, 10 Nov 2023 03:29:56 -0800 (PST)
Message-ID: <D02BC80D-89A4-4C2D-AF2E-2A96ADB45CA0@craigfrancis.co.uk>
Content-Type: multipart/alternative;
	boundary="Apple-Mail=_5D3BE362-9BB2-4D34-BB25-59876A87ABC5"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3774.200.91.1.1\))
Date: Fri, 10 Nov 2023 11:29:46 +0000
In-Reply-To: <049d4758-def2-4a29-9e02-afa61e5b977e@gmail.com>
Cc: internals@lists.php.net
To: Rowan Tommins <rowan.collins@gmail.com>
References: <CAFv4g+EqzB7whakuN-sr6YL2ih9xhHPzCsvTsEgJKMXBh9H9wQ@mail.gmail.com>
 <5144806E-E21F-4AF8-B9A2-0161561A6B9E@craigfrancis.co.uk>
 <049d4758-def2-4a29-9e02-afa61e5b977e@gmail.com>
X-Mailer: Apple Mail (2.3774.200.91.1.1)
Subject: Re: [PHP-DEV] Passing null to parameter
From: craig@craigfrancis.co.uk (Craig Francis)

--Apple-Mail=_5D3BE362-9BB2-4D34-BB25-59876A87ABC5
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=utf-8

First, thanks Rowan (same to you Kamil), I do appreciate your thoughts =
on this...



On 9 Nov 2023, at 20:01, Rowan Tommins <rowan.collins@gmail.com> wrote:
> On 09/11/2023 14:58, Craig Francis wrote:
>> We might as well make the PHP 9 upgrade as hard as possible, just to =
force a little bit of `strict_types=3D1` on everyone.
>=20
>=20
> Just to be clear, strict_types has nothing to do with this;

strict_types=3D1 enables strict type checking, which adds fatal type =
errors instead of coercion (all fine, all good); but for everyone not =
using strict_types=3D1, there is a fatal type error when NULL is passed =
to a function argument, while all other type coercions (e.g. string '5' =
to int) work?



> changing it does not allow you to pass nulls to typed parameters, and =
never did: https://3v4l.org/atT0B

Yep, specifically for user defined function parameters, but NULL =
coercion works with string concatenation, =3D=3D comparisons, =
arithmetics, sprintf, print, echo, array keys?

That said, with the original RFC:

https://wiki.php.net/rfc/scalar_type_hints_v5

> "The only exception to this is the handling of NULL: in order to be =
consistent with our existing type declarations for classes, callables =
and arrays, NULL is not accepted by default"


I never understood why NULL was considered a complex value like a =
class/callable/array, when it's more like a simple =
bool/int/float/string, where NULL can be coerced (and NULL is documented =
as being coercible in all other contexts, like concatenation).

Also...

> =E2=80=9Cit should be possible for existing userland libraries to add =
scalar type declarations without breaking compatibility=E2=80=9D


But that's not the case; if you add types to a legacy projects =
functions, fatal type errors happen instead of accepting NULL and =
coercing it as needed (it's why I never bothered adding types to the =
legacy project I still look after).



> Nor has strict_types=3D0 ever been aligned to the loosest coercion =
rules used in other contexts; for instance, an empty string was never an =
acceptable input for an integer parameter, even in versions where it was =
an acceptable operand for addition: https://3v4l.org/khD32

Fair, but that makes a little bit more sense to me (although I'd assume =
an empty string would be coerced to 0).



> As for your previous example:
>=20
> > redirect('/thank-you/?ref=3D' . urlencode($ref));
>=20
> If $ref isn't set, any of these might be the correct URL: =
"/thank-you/", "/thank-you/?ref=3D", "/thank-you/?ref=3Ddefault", ... =
The language can only guess one of those.

NULL has always been coerced to an empty string with urlencode(), it =
happens in a lot of projects, and everyone seemed to be fine with it?



> A similar example I've come across is in manually escaped SQL (yes, I =
know, use parameters instead...):
>=20
> $sql =3D "Insert Into blah ( whatever ) Values ( '" . =
sql_escape($someVar) . "' )";
>=20
> Nine times out of ten, if the PHP variable is null, you want an SQL =
null, not ''; but if the [imaginary] sql_escape function doesn't reject =
nulls, you may not notice the bug until you've ended up with garbage in =
your DB.


Fortunately I only have to maintain 1 legacy project, and I've only had =
to make 29 edits so far, but every single one involved me adding =
strval(), it's certainly not making the code better, and I know there =
are still more to find, but I'll have to wait for customers to trip =
them.

Craig




--Apple-Mail=_5D3BE362-9BB2-4D34-BB25-59876A87ABC5--