On 18/10/22 22:32, Tim Düsterhus wrote:
false is a valid value that might've been serialized. The manual
specifically notes:
false is returned both in the case of an error and if
unserializing the serialized false value. It is possible to catch
this special case by comparing data with serialize(false) or by
catching the issued E_NOTICE.
Yes, that is fair enough.
Note that your example code also errors out if the $result is an
empty array, an empty string or another falsy values. This might be
an acceptable result in your specific case, but is not the correct
behavior in the general case.
Right, there was no instance in the 150 callers I reviewed yesterday
in which unserialize() was explicitly checked for errors while
unserializing a falsy value. Most often, there is an array wrapper
around the actual value, or the possibility is otherwise excluded.
The example in the RFC was written to be correct for the general
case, without imposing any constraints in the input data.
As I said, if throwing was optional, like in json_decode(), I would be
all for it. I'm just doing a cost/benefit analysis. The common case
should be easy, while the general case should be possible.
As a matter of style, I think PHP's false returns are fine. I don't
think we need to follow Python into making every error an exception.
-- Tim Starling
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: https://www.php.net/unsub.php
