Hi Rob,
> Explicit casting in PHP is dangerous:
> (int) "123password" === 123
Agreed, (int) is a footgun. But it's an argument for the typed-local
path, not against the feature.
The cast is only one of the allowed forms, and the RFC doesn't change
how casts behave. The safe way to get a guaranteed receiver from untyped
input is a typed local, and those coerce under the same rules as a typed
parameter or property, not cast rules. On 8.5:
int $n = "123password"; // TypeError, in both weak and strict mode
so the typed path throws on exactly the input you're worried about,
instead of silently giving you 123.
Leaning on "explicit cast" in the framing was the wrong emphasis on my
part. If you want a checked int from user input you write int $n = ...,
and it rejects the garbage. Casts stay as they are; they just aren't the
path I should've pointed at.
Michal