On 09/11/2023 14:58, Craig Francis wrote:
We might as well make the PHP 9 upgrade as hard as possible, just to force a
little bit of `strict_types=1` on everyone.
Just to be clear, strict_types has nothing to do with this; changing it
does not allow you to pass nulls to typed parameters, and never did:
https://3v4l.org/atT0B
Nor has strict_types=0 ever been aligned to the loosest coercion rules
used in other contexts; for instance, an empty string was never an
acceptable input for an integer parameter, even in versions where it was
an acceptable operand for addition: https://3v4l.org/khD32
As for your previous example:
> redirect('/thank-you/?ref=' . urlencode($ref));
If $ref isn't set, any of these might be the correct URL: "/thank-you/",
"/thank-you/?ref=", "/thank-you/?ref=default", ... The language can only
guess one of those.
A similar example I've come across is in manually escaped SQL (yes, I
know, use parameters instead...):
$sql = "Insert Into blah ( whatever ) Values ( '" . sql_escape($someVar)
. "' )";
Nine times out of ten, if the PHP variable is null, you want an SQL
null, not ''; but if the [imaginary] sql_escape function doesn't reject
nulls, you may not notice the bug until you've ended up with garbage in
your DB.
Regards,
--
Rowan Tommins
[IMSoP]
