Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:121852
MIME-Version: 1.0
References: <6566989F.7010305@adviesenzo.nl> <34dada8e-7f2a-4d94-b7df-d9d3c7b2f3ce@app.fastmail.com>
 <F200E6CF-5116-4361-AB5C-CDD67F2E2021@koalephant.com>
In-Reply-To: <F200E6CF-5116-4361-AB5C-CDD67F2E2021@koalephant.com>
Date: Wed, 29 Nov 2023 09:20:04 +0100
Message-ID: <CAPzBOBPLK3rQwqYsfgF3nS6=nT1qTdz-pzVpgNFRmXd7Jh9oSA@mail.gmail.com>
To: Stephen Reay <php-lists@koalephant.com>
Cc: php internals <internals@lists.php.net>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Subject: Re: [PHP-DEV] What is the prevailing sentiment about extract() and
 compact() ?
From: landers.robert@gmail.com (Robert Landers)

On Wed, Nov 29, 2023 at 8:19=E2=80=AFAM Stephen Reay <php-lists@koalephant.=
com> wrote:
>
>
>
> > On 29 Nov 2023, at 09:58, Larry Garfield <larry@garfieldtech.com> wrote=
:
> >
> > On Tue, Nov 28, 2023, at 7:49 PM, Juliette Reinders Folmer wrote:
> >> L.S.,
> >>
> >> What with all the drives towards cleaner code, how do people feel
> >> nowadays about `extract()` and `compact()` still being supported ?
> >>
> >> Both have alternatives. The alternatives may be a little more cumberso=
me
> >> to type, but also make the code more descriptive, lessens the risk of
> >> variable name collisions (though this can be handled via the $flags in
> >> extract), prevents surprises when a non-associative key would be
> >> included in an array and lessens security risks when used on untrusted=
 data
> >
> > *snip*
> >
> >> I can imagine these could be candidates for deprecation ? Or limited
> >> deprecation - only when used in the global namespace ?
> >>
> >> For now, I'm just wondering how people feel about these functions.
> >>
> >> Smile,
> >> Juliette
> >
> > extract() has very limited use in some kinds of template engine, which =
use PHP require() as a template mechanism.  I don't think compact() has any=
 uses.
> >
> > I very recently was just reminded that these even exist, as i had to te=
ll one of my developers to not use them.  I think it was compact() he was t=
rying to use.  I vetoed it.
> >
> > I would not mind if they were removed, but I don't know how large the B=
C impact would be.  They'd probably need a long deprecation period, just to=
 be safe.
> >
> > --Larry Garfield
> >
> > --
> > PHP Internals - PHP Runtime Development Mailing List
> > To unsubscribe, visit: https://www.php.net/unsub.php
> >
>
> Hi,
>
> While I think I understand the goal behind this, I think you're missing s=
ome factors here.
>
> Regarding use-cases for compact: the most common one I can think of from =
my work, is for passing multiple local variables as context to a logging fu=
nction, but I'd be surprised if its not also used to build faux hash struct=
ures too.
>
> If your goal is to achieve an associative array (i.e a poor mans hash) of=
 known variable names, using compact in php8+ has *less* risk of uncaught/u=
nexpected errors than building it manually. Passing an undefined name (i.e.=
 due a typo, or it just not being defined) produces a warning regardless of=
 whether you build the array manually or pass the name(s) to compact(). Pro=
viding an array key name that doesn't match the variable name (e.g. due to =
a typo, or a variable being renamed) will produce no error when building th=
e array manually, but will produce a warning with compact().
>
> IDEs (e.g. PHPStorm/IDEA+PHP plugin) can already understand that the name=
s passed to compact are a variable name, and make changes when a variable i=
s renamed via the IDE. They simply cannot do the same for plain array keys.
>
> Due to how variable scope works, the only way to re-implement compact() w=
ith the same key-typo-catching behaviour as a function in userland would be=
 something that requires the user to pass the result of get_defined_vars() =
to every call.
>
> So no, I don't think compact() should be deprecated, what I think *should=
* happen, is to promote the current warning on undefined variables, to an e=
rror, as per https://wiki.php.net/rfc/undefined_variable_error_promotion. W=
hether this is a foregone conclusion or not, I don't know because that RFC =
doesn't mention compact() specifically.
>
>
> extract(), as Larry points out has historically been used by 'pure php' s=
tyle template systems, in a manner that's generally "safe". Personally I'm =
less inclined to use this behaviour now (i.e. I'd prefer to access named & =
typed properties from a template than arbitrary local variable names) but I=
 don't think that's enough of a case to remove it, because just like with c=
ompact, by nature of how variable scope works, it's very difficult/impossib=
le to re-implement this in userland, in a way that's reusable and doesn't i=
nvolve using worse constructs (e.g. eval'ing the result of a function)
>
> I think there's possibly an argument to be made for improvements, such as=
 changing the default mode of extract to something besides EXTR_OVERWRITE, =
or to have checks in place preventing the overwrite of superglobals.
>
>
> Cheers
>
>
> Stephen

FWIW, I use compact all the time, usually like this:

try {
  // do stuff
} catch(Throwable $exception) {
  $this->logger->error("failed to do stuff", compact('exception'));
  throw $exception;
}

But thanks for the reminder to finish the nameof RFC, I was waiting
until after 8.3 to avoid the "trying to rush it to get into 8.3"
shenanigans that happened to another RFC around the same time. If
nameof passes, then it could make this more obvious when refactoring:

try {
  // do stuff
} catch(Throwable $exception) {
  $this->logger->error("failed to do stuff", compact(nameof($exception)));
}

Robert Landers
Software Engineer
Utrecht NL