Newsgroups: php.internals
Message-ID: <4A4CE77F.2090302@zend.com>
Date: Thu, 02 Jul 2009 09:59:43 -0700
Organization: Zend Technologies
From: stas@zend.com (Stanislav Malyshev)
To: RQuadling@googlemail.com
CC: Ilia Alshanetsky, PHP internals
Subject: Re: [PHP-DEV] RFC: Type hinting revisited for PHP 5.3

Hi!

> Doesn't "stuff their code with explicit type conversions" actually
> mean "perform appropriate validation and conversion on incoming data"
> ?

Sometimes it does, but in many cases it doesn't - since variables are not typed and types can be juggled, you'd have to take precautions even though you could be sure the value itself is sanitized.

> We are constantly told about GIGO and not accepting anything a user
> supplies as safe, so, with that in mind, you validate the incoming

It's not about the user input and security - it's about having different parts of your code working together through all possible changes. If you've got a strict API, you've got to make sure what you are sending to it would pass those strict checks, and would keep doing so through all changes done to the code.

> A big +1 from me to incorporate type hinting into PHP.

I think calling this proposal "type hinting" just confuses the discussion. It's (optional) strict typing and it should be called so.

--
Stanislav Malyshev, Zend Software Architect
stas@zend.com   http://www.zend.com/
(408)253-8829   MSN: stas@zend.com