Newsgroups: php.internals
Date: Tue, 21 Oct 2014 18:57:00 +0400
References: <66B7B28C-2651-4A71-AC2A-55D4C7BB3DDC@ajf.me>
To: Dmitry Stogov
Cc: Andrea Faulds, PHP Internals
Subject: Re: [PHP-DEV] [RFC] Safe Casting Functions
From: lisachenko.it@gmail.com (Alexander Lisachenko)

Hello, internals!

> Good evening,
>
> I am presenting a new RFC to add a set of three functions to do validated casts for scalar types:
>
> https://wiki.php.net/rfc/safe_cast
>
> Please read it.

Personally I don't like this RFC because it's introducing one more way to cast a value in PHP. We already have boolval(), intval(), strval() functions that are not widely used in the source code, because of the dynamic nature of PHP. Developers just use a value as is, assuming that it will be cast automatically where needed.

This kind of casting is typically used to prevent attacks like this:

    $id = intval($_GET['id']);

But this is an ugly implementation from my point of view. Binding and sanitization can do this much better.

There is also one more way to cast values, with explicit casting:

    $id = (int) $_GET['id'];

I think that this way of casting is more natural for developers to read, because many languages use the same scheme to cast values into other types.

Instead of implementing new to_xxxx() functions, it can be nice to reuse the logic of casting with "(type) $value" to follow https://wiki.php.net/rfc/scalar_type_hinting_with_cast#conversion_rules which looks great.

Besides this, there is casting with settype($value, $type) and one more with filter sanitization. If this RFC is accepted there will be one more way with its own logic of casting. And this is not so good from the userland point of view. It can be good only with OOP support for primitive types, for example:

    $value = '1234';
    $number = $value->toInt();
    $float = $value->toFloat();

etc.

Thanks!
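
Added example, not part of the original message: the (int) cast the message shows, compared with strict validation followed by a bound query parameter, on the same request values. The users table, parse_id() and find_user() are hypothetical names, the inputs are constructed, and the pdo_sqlite extension is assumed to be available.

```php
<?php
// Added example. The "users" table, parse_id() and find_user() are
// hypothetical names; the request values below are constructed.

// Strict validation: null for anything that is not a clean positive integer.
function parse_id($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Bound parameter: the value is sent separately from the SQL text.
function find_user(PDO $db, int $id): ?string
{
    $stmt = $db->prepare('SELECT name FROM users WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $name = $stmt->fetchColumn();
    return $name === false ? null : $name;
}

// In-memory database so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO users VALUES (12, 'alice')");

// Constructed stand-ins for $_GET['id'].
foreach (['12', '12abc', 'abc', '', '-5'] as $raw) {
    $cast = (int) $raw;      // lossy: same result as intval($raw)
    $id = parse_id($raw);    // strict: malformed input becomes null
    $result = $id === null
        ? 'rejected'
        : (find_user($db, $id) ?? 'no such user');
    printf(
        "%-8s (int)=%-3d validated=%-5s => %s\n",
        var_export($raw, true),
        $cast,
        var_export($id, true),
        $result
    );
}
```

The '12abc' row is the case the RFC is concerned with: the cast quietly yields 12 and would match a real row, while validation rejects the input before any query runs.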