Newsgroups: php.internals
Date: Mon, 19 Mar 2012 00:11:13 +0100
From: simonsimcity@googlemail.com (Simon Schick)
To: Adam Jon Richardson
Cc: PHP Internals List
Subject: Re: [PHP-DEV] Scalar-type-hinting - which way is the best to go?

2012/3/18 Adam Jon Richardson:
> On Sun, Mar 18, 2012 at 7:12 AM, Simon Schick wrote:
>
>>
>> Hi, All
>>
>> Just to add an example why I want a stricter type check here than
>> we have in the current type-juggling:
>>
>> http://www.brandonsavage.net/an-xss-vulerability-in-the-making/?utm_source=rss&utm_medium=rss&utm_campaign=an-xss-vulerability-in-the-making
>
>
> I see the example given as one of poor validation, not a reason for more
> strict type checking in a dynamic, weakly typed language.
>
> One could:
>
> - use a regex
> - setting the third argument (strict comparison) of in_array() to true -OR-
>   looping through the array and checking equivalence with ===
> - ensure the type juggled value (the integer form) was returned and used
>   rather than using the original string
>
> I actually like the conversation on scalar type hinting, and I've even
> offered some ideas for integrating a form of it, too. However, poor input
> validation is not one of the reasons that I would use to justify its
> inclusion. The goal of proper input validation should be to account for
> page requests that include invalid data and provide appropriate feedback
> within the natural flow of the application. Erring out when calling a more
> strongly typed function at runtime does not provide this type of
> application flow.
>
> Adam

Hi, Adam

I totally agree that type-hinting should not cover what the programmer should do for validating the given input ...
But I just wanted to point out that this is something the author (and I) would never expect to happen ...
in_array("123abc", array(3, 7, 123, 28)) === true

But that's another thing :) I just wanted to point out that I don't want to have the string "123abc" accepted as an integer :)

Anyways ... This thread should be a discussion about the whole concept, not the details.
Sorry for getting off-context here.

Bye
Simon
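
The three options listed in the quoted reply (regex, strict comparison, using the integer form), combined into one check and set beside the loose in_array() call. This is an added example, not code from the thread or the linked article; the function names, $allowed and $samples are constructed for illustration.

```php
<?php
// Added example; $allowed and $samples are constructed for illustration.
$allowed = array(3, 7, 123, 28);

// The check from the thread. On PHP 5 and 7 the string "123abc" is juggled
// to 123 and matches; PHP 8 compares it as a string and no longer matches.
function loose_check($input, array $allowed)
{
    return in_array($input, $allowed);
}

// Strict comparison alone: rejects "123abc", but also rejects the
// legitimate "123", because request parameters always arrive as strings.
function strict_only_check($input, array $allowed)
{
    return in_array($input, $allowed, true);
}

// Regex, then integer conversion, then strict comparison. Returns the
// integer for the caller to use in place of the raw string, or null.
function validated_id($input, array $allowed)
{
    // \A and \z anchor the whole string; 9 digits max stays inside a 32-bit int.
    if (!is_string($input) || !preg_match('/\A[0-9]{1,9}\z/', $input)) {
        return null;
    }
    $id = (int) $input;
    return in_array($id, $allowed, true) ? $id : null;
}

// Constructed sample inputs, as they would arrive from a query string.
$samples = array('123', '123abc', ' 7', '99');
foreach ($samples as $raw) {
    printf(
        "%-10s loose=%-5s strict_only=%-5s validated=%s\n",
        var_export($raw, true),
        var_export(loose_check($raw, $allowed), true),
        var_export(strict_only_check($raw, $allowed), true),
        var_export(validated_id($raw, $allowed), true)
    );
}
```

A null from validated_id() is the point at which the application can give the invalid-input feedback the quoted reply describes, instead of failing inside a typed function call.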