Newsgroups: php.internals
From: php@tutteli.ch ("Robert Stoll")
To: "'Weinand Bob'", "'Dmitry Stogov'"
Cc: "'Andrea Faulds'", "'PHP Internals'"
Date: Wed, 22 Oct 2014 18:41:58 +0200
Message-ID: <000c01cfee17$19ba9330$4d2fb990$@tutteli.ch>
Subject: AW: [PHP-DEV] [RFC] Safe Casting Functions

> -----Original Message-----
> From: Weinand Bob [mailto:bobwei9@hotmail.com]
> Sent: Wednesday, 22 October 2014 16:16
> To: Dmitry Stogov
> Cc: Andrea Faulds; PHP Internals
> Subject: Re: [PHP-DEV] [RFC] Safe Casting Functions
>
> If we really want an integer at any price we just can use a simple (int) cast. That's AFAIK not the point of this RFC.
>
> And at that point where we can add a default as second parameter, we also just can use NULL with ??. The latter is at the
> same time more powerful and less restrictive.
>
> Also, with a second parameter, we don't have any possibility to check if the conversion was successful or if the fallback was
> used.
>
> Bob

I believe the point of this RFC is to have safe casts in the sense of type-safe casts. Under these circumstances I would give this RFC a +1.

In my opinion, and as mentioned by Dmitry, the only way to achieve this is using exceptions (or triggering an E_RECOVERABLE_ERROR) when something fails.

Consider the following example:

    $total = to_int($_GET['a']) + to_int($_GET['b']);

Regardless whether false or NULL is returned, total will be 0 and the error will be ignored. I think that should not be the purpose of this RFC. Otherwise it is merely another way of casting.

Sure, introducing safe casts does not free the user from input validation (and I merely used $_GET as an example) but that is another topic. I am sure someone will argue now that if the user validates the input anyway then such safe casts are not necessary. I would argue that they are still useful and necessary if not even mandatory. Personally, I would only use to_int. Even in cases where I believe I know that the input is valid by design (say it comes from a config file) because you never know if someone (a hacker) was not able to manipulate your config value and thus can exploit your code in some way or the other. I cannot come up with a concrete scenario but I guess you get my point.
If in such a case an exception is thrown then the request terminates unexpectedly but for the better.

Cheers,
Robert
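
The one-line sum discussed in the message above, as an added example that is not part of the original message or of the RFC's implementation. The functions to_int_or_false() and to_int_or_throw() are hypothetical stand-ins for the two proposed behaviours, FILTER_VALIDATE_INT only approximates the RFC's validation rules, and the $query array is constructed sample input standing in for $_GET.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for a to_int() that signals failure by returning false.
// FILTER_VALIDATE_INT is an approximation of the RFC's rules, not the RFC itself.
function to_int_or_false(mixed $value): int|false
{
    return filter_var($value, FILTER_VALIDATE_INT);
}

// Hypothetical stand-in for a to_int() that signals failure with an exception.
function to_int_or_throw(mixed $value): int
{
    $result = filter_var($value, FILTER_VALIDATE_INT);
    if ($result === false) {
        throw new InvalidArgumentException(
            'not a valid integer: ' . var_export($value, true)
        );
    }
    return $result;
}

// Constructed sample input standing in for $_GET; 'a' is not a valid integer.
$query = ['a' => '12abc', 'b' => '30'];

// Return-value variant: the failed conversion yields false, which the +
// operator coerces to 0, so the sum is computed from bad input and nothing
// tells the caller that 'a' was rejected.
$total = to_int_or_false($query['a']) + to_int_or_false($query['b']);
var_dump($total);

// Return-value variant used correctly: every call site needs its own check,
// which the one-line sum above leaves out.
$a = to_int_or_false($query['a']);
if ($a === false) {
    echo "parameter 'a' rejected by explicit check", PHP_EOL;
}

// Exception variant: the same one-line sum cannot complete with bad input;
// the failure surfaces at the conversion and names the offending value.
try {
    $total = to_int_or_throw($query['a']) + to_int_or_throw($query['b']);
    var_dump($total);
} catch (InvalidArgumentException $e) {
    echo 'request rejected: ', $e->getMessage(), PHP_EOL;
}
```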