Hello Simon,
> in_array("123abc", array(3, 7, 123, 28)) === true
This is a pointless example, because the first argument of in_array is of
type "mixed" and not "int". So, this may cause many headaches, but it is
irrelevant to the discussion about scalar type hints.
Lazare INEPOLOGLOU
Ingénieur Logiciel
2012/3/19 Simon Schick <simonsimc...@googlemail.com>
> 2012/3/18 Adam Jon Richardson <adamj...@gmail.com>:
> > On Sun, Mar 18, 2012 at 7:12 AM, Simon Schick
> > <simonsimc...@googlemail.com>wrote:
> >
> >>
> >> Hi, All
> >>
> >> Just to add an example why I want a more strictly type-check here as
> >> we have in the current type-juggling:
> >>
> >>
> http://www.brandonsavage.net/an-xss-vulerability-in-the-making/?utm_source=rss&utm_medium=rss&utm_campaign=an-xss-vulerability-in-the-making
> >
> >
> > I see the example given as one of poor validation, not a reason for more
> > strict type checking in a dynamic, weakly typed language.
> >
> > One could:
> >
> > - use a regex
> > - setting the third argument (strict comparison) of in_array() to true
> -OR-
> > looping through the array and checking equivalence with ===
> > - ensure the type juggled value (the integer form) was returned and used
> > rather than using the original string
> >
> > I actually like the conversation on scalar type hinting, and I've even
> > offered some ideas for integrating a form of it, too. However, poor input
> > validation is not one of the reasons that I would use to justify its
> > inclusion. The goal of proper input validation should be to account for
> > page requests that include invalid data and provide appropriate feedback
> > within the natural flow of the application. Erring out when calling a
> more
> > strongly typed function at runtime does not provide this type of
> > application flow.
> >
> > Adam
>
> Hi, Adam
>
> I totally agree that type-hinting should not cover what the programmer
> should do for validating the given input ...
> But I just wanted to point out that this is something the author (and
> I) would never expect to happen ...
>
> in_array("123abc", array(3, 7, 123, 28)) === true
>
> But that's another thing :)
> I just wanted to point out that I don't want to have the string
> "123abc" accepted as an integer :)
>
> Anyways ... This thread should be a discussion about the whole
> concept, not the details.
> Sorry for getting off-context here.
>
> Bye
> Simon
>
> --
> PHP Internals - PHP Runtime Development Mailing List
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
