Yasuo,

>
> IMHO, escape/unescape/encode/decode/conversion function is better to accept
> any types.
> HTML template may be separated script, but database code etc may not.
>
> Writing code like
>
> <?php
> declare(strict_types=1);
> $sql = 'SELECT * FROM '. pg_escape_identifier((string)$table). ' WHERE id = '.
> pg_escape_literal((string)$id).';';
> pg_query($sql);
> ?>
>
> is better to be avoided. i.e. (string) cast before passing parameter.

I agree 100%. Instead, the developer should get an error if the
parameter is not a string. Because it is an error. If you're passing
an array to `pg_escape_identifier`, you have FAR WORSE problems.
Having the function accept anything and return anything (as you're
proposing) would eliminate any ability to detect this problem.

If people blind cast, that's their problem. We shouldn't make it
harder for people to detect problems by blindly accepting anything
under the sun.

> Another example. JSON decode convert numeric to int/float
>
> <?php
> declare(strict_types=1);
> $data = json_decode($json, true);
> $str = mb_convert_kana((string) $data['some_data'], 'AKHV');
> ?>
>
> Are we going to enforce users to use (string) casts for conversion functions
> to switch
> strict_types=1?

No, the entire point is to have them actually validate the types.

Anthony

-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
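
The failure mode discussed in this message, as an added example that is not part of the original email: a blind `(string)` cast hides a wrong-typed argument, while a `string` parameter under `strict_types=1` or an explicit type check surfaces it. `escape_identifier()` (a stand-in for `pg_escape_identifier()` so the script runs without a database) and `require_string()` are hypothetical helpers, the inputs are constructed, and PHP 8.0+ with mbstring loaded is assumed.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for pg_escape_identifier(): double-quote the name
// and double any embedded quotes. No database connection needed.
function escape_identifier(string $name): string
{
    return '"' . str_replace('"', '""', $name) . '"';
}

// Hypothetical validator: reject wrong types instead of casting them.
function require_string(mixed $value, string $field): string
{
    if (!is_string($value)) {
        throw new InvalidArgumentException(
            sprintf('%s must be a string, %s given', $field, get_debug_type($value))
        );
    }
    return $value;
}

// Constructed input: a parameter that arrived as an array, not a string.
$table = ['users'];

// 1. Blind cast: PHP only emits an "Array to string conversion" warning and
//    the query is built against an identifier literally named "Array".
$blind = escape_identifier((string) $table);
echo "blind cast: SELECT * FROM {$blind}\n";

// 2. No cast: the string parameter type rejects the array with a TypeError,
//    so the bug is reported at the call site.
try {
    escape_identifier($table);
} catch (TypeError $e) {
    echo "no cast:    TypeError: ", $e->getMessage(), "\n";
}

// 3. The json_decode() case: numerics decode as int/float, so validate the
//    type before handing the value to a string conversion function.
$data = json_decode('{"some_data": 12345, "name": "ｱｲｳ"}', true); // constructed
foreach (['name', 'some_data'] as $field) {
    try {
        $str = mb_convert_kana(require_string($data[$field], $field), 'AKHV');
        echo "validated:  {$field} => {$str}\n";
    } catch (InvalidArgumentException $e) {
        echo "rejected:   ", $e->getMessage(), "\n";
    }
}
```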
