On 2026-06-18 21:59, Sjoerd Langkemper wrote:
Hello,


Should base_convert raise a notice or warning when it cannot convert a number precisely? On one hand, silent conversion to floating point is just fact of life for PHP. But I would argue that in this case it is unexpected because both the input and output are strings. The loss of precision is documented in the manual, but it is not obvious from the result, and it has clear security impact. What do you think?


Alternatively, could the base conversion be made via bcmath to retain all the digits instead? Then not only will the "nicely random" string remain nicely random, but the warning in the manual could be removed as well.

Reply via email to