Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:121640
Return-Path: <craig@craigfrancis.co.uk>
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 25624 invoked from network); 10 Nov 2023 12:25:51 -0000
Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5)
  by pb1.pair.com with SMTP; 10 Nov 2023 12:25:51 -0000
Received: from php-smtp4.php.net (localhost [127.0.0.1])
	by php-smtp4.php.net (Postfix) with ESMTP id F364B1804D4
	for <internals@lists.php.net>; Fri, 10 Nov 2023 04:25:49 -0800 (PST)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net
X-Spam-Level: 
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,HTML_MESSAGE,RCVD_IN_DNSWL_NONE,
	RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE
	autolearn=no autolearn_force=no version=3.4.2
X-Spam-ASN: AS15169 209.85.128.0/17
X-Spam-Virus: No
X-Envelope-From: <craig@craigfrancis.co.uk>
Received: from mail-wr1-f48.google.com (mail-wr1-f48.google.com [209.85.221.48])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256)
	(No client certificate requested)
	by php-smtp4.php.net (Postfix) with ESMTPS
	for <internals@lists.php.net>; Fri, 10 Nov 2023 04:25:49 -0800 (PST)
Received: by mail-wr1-f48.google.com with SMTP id ffacd0b85a97d-32f9268bf8cso1151188f8f.0
        for <internals@lists.php.net>; Fri, 10 Nov 2023 04:25:49 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=craigfrancis.co.uk; s=default; t=1699619148; x=1700223948; darn=lists.php.net;
        h=references:to:cc:in-reply-to:date:subject:mime-version:message-id
         :from:from:to:cc:subject:date:message-id:reply-to;
        bh=0zO4NF2Cy9wuentZsaBzOq71dSlDXd4MWpyOdHf0Qqo=;
        b=QiZG2+KNKz2O6S6bdPwJdZ4D5WqlZjRUr0T15E0KUm88jNg/Lcua8hK+Tnd1v2Gd5c
         L5sX+S7OpxowujxMbzba6crPn7D3Sfcvj31E2BvEQQMcCJw9Y+sbwwtYuVyBE9pw2vwF
         Jo4VFs4vw32UNWWKqkSYgPDbT+vJxJLrNhbFc=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1699619148; x=1700223948;
        h=references:to:cc:in-reply-to:date:subject:mime-version:message-id
         :from:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=0zO4NF2Cy9wuentZsaBzOq71dSlDXd4MWpyOdHf0Qqo=;
        b=oMroWO0ldcMq0mQFMtF+W3g02ewPaXf9/t+EcVjreW7fPokN2o176qhs4V/GwjFYel
         G1+w/lBtKbrFOoJso7idVqlUHfUdYE8duvjrzQqm8nUFfdRx6XdycAt7xYr7q7H27deO
         ZPsThNuyzegmVsKGJfC+u3rCOo89gYoGDhkLCb7Ix0Uxy7GMRbCAe2aBL7vrNvqkvrqz
         Bb52BAOwG47TTHLy6Yf+qnFYfdmSp6xwm+qSEKD3/eOPLhjZVmZfkicPGUmcGIl1BnWT
         Nq6Jx0ZrRr7k+jFuaTPfA+icDsYiKB/iSZL41eBzxYJvQMPIrqj0B4viLCOMQ04bWixz
         0fng==
X-Gm-Message-State: AOJu0YznDxj2UgZV5i368i7LebvtswN3ylevXh7rbQb+VrvFcxcMjRtG
	+9cJY6c6/uEjiLXcNiGJuB81Pw==
X-Google-Smtp-Source: AGHT+IEKcIqrZVBwbMw6r7I6jczkSq2qzvS7QuRXh3ymszjJaK0u68uvCnaTD1k5PqLjSryBECicsg==
X-Received: by 2002:adf:edc7:0:b0:32d:a242:c6ba with SMTP id v7-20020adfedc7000000b0032da242c6bamr5905530wro.40.1699619148011;
        Fri, 10 Nov 2023 04:25:48 -0800 (PST)
Received: from smtpclient.apple ([92.238.103.248])
        by smtp.gmail.com with ESMTPSA id p3-20020adfe603000000b0032da4f70756sm1815133wrm.5.2023.11.10.04.25.47
        (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
        Fri, 10 Nov 2023 04:25:47 -0800 (PST)
Message-ID: <A95554B4-7282-4017-8D98-82C0A0FB7DD3@craigfrancis.co.uk>
Content-Type: multipart/alternative;
	boundary="Apple-Mail=_17856D39-BF0E-478E-9F52-06FC3B8DE57B"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3774.200.91.1.1\))
Date: Fri, 10 Nov 2023 12:25:36 +0000
In-Reply-To: <CAGBsUrf2TM65Sq-7LCzq2p6PN-EfhwfduYnPghxEY9W70-UqKg@mail.gmail.com>
Cc: PHP internals <internals@lists.php.net>
To: Kamil Tekiela <tekiela246@gmail.com>
References: <CAFv4g+EqzB7whakuN-sr6YL2ih9xhHPzCsvTsEgJKMXBh9H9wQ@mail.gmail.com>
 <5144806E-E21F-4AF8-B9A2-0161561A6B9E@craigfrancis.co.uk>
 <CAGBsUrfwRExOFZ8dRy0=D9wmKurkj4QBNPvOsmrw7Mh=rjX0mg@mail.gmail.com>
 <1A044D32-019A-4152-A3C0-3F393974AC3B@craigfrancis.co.uk>
 <CAGBsUrf2TM65Sq-7LCzq2p6PN-EfhwfduYnPghxEY9W70-UqKg@mail.gmail.com>
X-Mailer: Apple Mail (2.3774.200.91.1.1)
Subject: Re: [PHP-DEV] Passing null to parameter
From: craig@craigfrancis.co.uk (Craig Francis)

--Apple-Mail=_17856D39-BF0E-478E-9F52-06FC3B8DE57B
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=utf-8

On 10 Nov 2023, at 11:11, Kamil Tekiela <tekiela246@gmail.com> wrote:
>> That's what I thought, but for some reason, casting null is =
deprecated only when it's provided as an argument to functions, all =
other cases it's fine... weird right?
>=20
>=20
> No, passing null to non-nullable parameters is already an error. It =
has been for a long while now. The only exception are some built-in =
functions that silently ignored that and cast the value to another type.=20=


Not sure I'm following, I said "an argument to functions", the other =
cases I was referring to was string concatenation, =3D=3D comparisons, =
arithmetics, sprintf, print, echo, array keys, etc.



> However, passing null to non-nullable param was never allowed.=20

For user defined functions... but there are at least 335 parameters =
negatively affected by this deprecation:

=
https://github.com/craigfrancis/php-allow-null-rfc/blob/main/functions-cha=
nge.md

And that's ignoring the 104 questionable and 558 problematic parameters =
where NULL (or empty string) probably shouldn't be allowed (like how =
$separator in explode() already has a =E2=80=9Ccannot be empty=E2=80=9D =
Fatal Error).



> but as I explained earlier it was always an error. That's how the =
language was designed.

I'm not sure many people see it like that though, most of the frameworks =
can return NULL when retrieving GET/POST/DB etc values, and developers =
simply pass those nullable values to functions like trim(), urlencode(), =
hash(), base64_encode(), strtoupper(), preg_match(), etc.



> Finding it is difficult, I agree, but that's the whole purpose of the =
deprecation. It's supposed to help you find all the mistakes. The =
mistakes are only with built-in functions, so the scope is very limited.

Imagine a developer creating a simple search <form>, so the browser =
makes a request to "/search/?q=3Dx", and the developer works with the q =
value, maybe they use `htmlspecialchars`, or `preg_split` to separate =
the words, etc... during all of their (probably manual) testing, they =
are always providing a value, as they are using the website as they =
expect it to be used, but a few months later, when it's in production, a =
user types in the "/search/" URL, or edits the URL, or the page with the =
form on failed to load properly, or a browser extension did something to =
it; today the script would receive a NULL value, and it would be treated =
like an empty string (as expected and documented), but with PHP 9, this =
will cause a fatal error?



> Casting null to other types is not a mistake, but passing null to =
functions that don't expect it, is a mistake.

But that's what the type coercion is supposed to do, like how a function =
that expects an integer will accept the string '5'.



> Just think about a simple example and how ambiguous it would be.=20
>=20
> function abc(string|int $p) {}
> abc(null);=20
>=20
> What should null be converted into and why?

int(0), because union types already define an "order of preference":

https://wiki.php.net/rfc/union_types_v2#coercive_typing_mode

Like this:

```
function abc(string|int $p) {
  var_dump($p); // int(0)
}

abc(false);
```

Craig


--Apple-Mail=_17856D39-BF0E-478E-9F52-06FC3B8DE57B--