On Thu, Mar 17, 2022 at 5:40 PM Tobias Nyholm <tobias.nyh...@gmail.com> wrote:
> On Thu, 17 Mar 2022, 23:27 Ilija Tovilo, <tovilo.il...@gmail.com> wrote: > >> Hi everyone >> >> I'd like to start discussion on a new RFC for arbitrary string >> interpolation. >> https://wiki.php.net/rfc/arbitrary_string_interpolation >> >> Let me know what you think. > > That is a cool idea. > But I am not a big fan of having code in strings. > Wouldn’t this open the door to all kinds of new attacks? Do you have an example of a new kind of attack this would allow? The proposal doesn't enable interpolation of strings coming from a database or user input - it only applies to string literals directly in PHP code. Personally I'm really looking forward to having this functionality. Just a couple days ago I wanted to call a function in an interpolated string, and it was really annoying to have to wrap the function in a closure in order to use it. If this RFC is accepted I'd be able to replace code like this: $name = "Theodore Brown"; $strlen = fn(string $string): int => strlen($string); echo "{$name} has a length of {$strlen($name)}."; with $name = "Theodore Brown"; echo "{$name} has a length of {$:strlen($name)}."; Sincerely, Theodore -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: https://www.php.net/unsub.php