Newsgroups: php.internals
To: internals@lists.php.net
Message-ID: <55F97251.3080706@gmail.com>
Date: Wed, 16 Sep 2015 14:44:49 +0100
Subject: Re: [PHP-DEV] Re: PHP 7.1 - Address PHPSadness #28?
From: rowan.collins@gmail.com (Rowan Collins)

Benoit Schildknecht wrote on 15/09/2015 18:04:
> Every dev I've seen in my company use isset() as its name says it does
> : "Is this variable set, whatever its value is ?". That's exactly how
> we use it in the code.

Can you give an example of code where you do not know this until the code runs - i.e. where "is this variable set?" is something you can hang business logic on? Somewhere where it would make sense to write something like this, if the exists() function were available for plain variables:

    if ( exists($a) ) {
        ...
    } elseif ( is_null($a) ) {
        ...
    } else {
        ...
    }

> The irony is, we set a variable to "null" mostly to avoid "Undefined
> variable" notices. To explain it shortly, when we see "$var = null;",
> we know that it is a variable that could not be changed in the scope.

Why is that ironic? That's exactly what the notice is telling you to do - assign an explicit value to your variables to say "this variable intentionally left blank".

> It is logical (at least for us) that "isset()" returns true when a
> variable exists, even if its value is "null". I've yet to discover a
> security bug in our code, but we have very sensitive applications, in
> which we widely use "isset()". It could cause a lot of damages (maybe
> it already has, but haven't noticed yet), and "exists()" would prevent
> them.

Again, I challenge you - or anyone - to give a single, theoretical, example of such a bug.
The only ones I can think of are made worse by use of exists(), not better, because they allow programmers to write extremely brittle code, as in the example I posted earlier of refactoring to extract code into a new function:

    ...
    unset($foo);
    refactored_code($foo);
    ...

    function refactored_code($bar) {
        if ( exists($bar) ) // oops, this is always true
        ...
    }

This is why I'm so opposed to the suggestion, because not only can people use it to write really bad code, I've yet to see an example where it would lead to good code. If we're interested in the reputation of the language, adding facilities for doing things badly doesn't sound like a good move.

Regards,
-- 
Rowan Collins
[IMSoP]
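
Added example, not part of the original message or of PHP itself: a runnable version of the refactoring case above, showing that a callee sees the same thing whether the caller ran unset($foo) or assigned $foo = null. The names exists_in() and run_demo() are hypothetical; exists_in() stands in for the proposed exists() by checking the symbol table returned by get_defined_vars().

```php
<?php
// Added illustration, not code from the thread. exists_in() is a hypothetical
// stand-in for the proposed exists(): true when the name is in the symbol
// table, whatever its value (including null).
function exists_in(array $symbols, string $name): bool
{
    return array_key_exists($name, $symbols);
}

function refactored_code($bar): array
{
    // A parameter is always bound in the callee, so the existence check
    // cannot fail here, which is the "oops" in the message.
    return [
        'exists'  => exists_in(get_defined_vars(), 'bar'),
        'isset'   => isset($bar),
        'is_null' => is_null($bar),
    ];
}

function run_demo(): array
{
    $foo = 'value';
    unset($foo);
    // Checked in the caller's own scope, before the call.
    $in_caller = exists_in(get_defined_vars(), 'foo');

    // Reading the unset $foo raises an "Undefined variable" diagnostic
    // (suppressed with @ to keep the output clean) and passes null.
    $after_unset = @refactored_code($foo);

    // The explicit "intentionally left blank" assignment.
    $foo = null;
    $after_null = refactored_code($foo);

    return [
        'exists in caller after unset()' => $in_caller,
        'callee view after unset()'      => $after_unset,
        'callee view after = null'       => $after_null,
        'callee can tell them apart'     => $after_unset !== $after_null,
    ];
}

var_export(run_demo());
echo PHP_EOL;
```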