Hi all,

On Mon, Mar 16, 2015 at 11:16 AM, Yasuo Ohgaki <yohg...@ohgaki.net> wrote:

>
>
>>
>> > It's natural that we have different points of view, but we can easily
>> > understand/guess the consequence of the RFC. Weak mode is simply too
>> > weak to be useful. Strict mode will hide type bugs by errorless casts.
>>
>> Show me examples when something not in strict mode behaves differently
>> and it will be fixed. But saying that is per se wrong and a double
>> standard in regard of voting. Or why did you vote in favor of other
>> RFCs which obviously had or still have bugs?
>>
>
> This code is an example that I posted in other thread.
>
> e.g.
> <?php
> function check_num_range(int $num) {
>     if ($num < 0 || $num > 100) trigger_error('Invalid range');
> }
> // Somewhere far from function definition.
> $num = $_GET['num'];
> // Somewhere far from $num definition.
> check_num_range($num); // Trying to check validity, int and range.
> echo 'You have '.$num. ' now <br />'; // But $num could have any string.
> // "check_num_range((int)$num)" wouldn't help also.
> ?>
>
> A simple cast hides bugs; it does not eliminate type bugs.
> This is just an example, and there are many cases where a cast hides bugs
> in real-world code.
>

Another common example is a database's NUMERIC types.

A database's NUMERIC type has much higher precision. PostgreSQL has up to
131072 digits before the decimal point and up to 16383 digits after the
decimal point. Casting to int/float drops data.

SQLite has type affinity, so it can hold any number (or even a string, etc.)
in INT fields. Casting drops data just like with PostgreSQL's NUMERIC type.

Average users did write code like

$sql = 'SELECT * FROM some_table WHERE id='. (int)$id;

even under 32-bit platforms. I'm sure there will be many users who write
invalid/buggy casts. It's buggy code even under 64-bit platforms, as PHP
only supports "signed int" by default.

What we really need is decent conversion rules (it's OK to have new ones
since we didn't have them before) that help users to find bugs in PHP.
Users can protect themselves with additional code, but why don't we provide
it even if there is the code for it?

Regards,

--
Yasuo Ohgaki
yohg...@ohgaki.net
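
An added example, not part of the original message or of PHP itself: it runs a bare `(int)` cast and a checked conversion side by side over request-style input, to show where the cast passes on a value the sender never supplied. The helper name `int_or_fail` is hypothetical, the sample inputs are constructed, and PHP 7.0 or later is assumed.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not a PHP built-in): return an int in [$min, $max]
// or throw, instead of letting (int) silently truncate or saturate.
function int_or_fail($raw, int $min, int $max): int
{
    // $_GET values can be arrays (?num[]=7); only strings and ints qualify.
    if (!is_string($raw) && !is_int($raw)) {
        throw new InvalidArgumentException('not a scalar integer input');
    }
    // FILTER_VALIDATE_INT rejects trailing garbage, exponent notation and
    // values that overflow the platform's signed int.
    $val = filter_var($raw, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => $min, 'max_range' => $max]]);
    if ($val === false) {
        throw new InvalidArgumentException('not an integer in range');
    }
    return $val;
}

// Constructed sample inputs standing in for $_GET['num'].
$samples = ['42', '12abc', 'abc', '99999999999999999999', '1e3', '-1', ['7']];

foreach ($samples as $raw) {
    try {
        $checked = (string) int_or_fail($raw, 0, 100);
    } catch (InvalidArgumentException $e) {
        $checked = 'rejected: ' . $e->getMessage();
    }
    // Left column: what a bare cast would pass on. Right: the checked result.
    printf("%-26s (int) => %-20d checked => %s\n",
        json_encode($raw), (int) $raw, $checked);
}
```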
