Hi Internals, I have opened voting on https://wiki.php.net/rfc/is_literal for the is-literal function.
The vote closes 2021-07-19 The proposal is to add the function is_literal(), a simple way to identify if a string was written by a developer, removing the risk of a variable containing an Injection Vulnerability. This implementation is for literal strings ONLY (after discussion over allowing integers) and, thanks to the amazing work of Joe Watkins, now works fully with compiler optimisations, interned strings etc. Craig
