Hi Rob,

> Explicit casting in PHP is dangerous:
> (int) "123password" === 123

Agreed, (int) is a footgun. But it's an argument for the typed-local path, not against the feature.

The cast is only one of the allowed forms, and the RFC doesn't change how casts behave. The safe way to get a guaranteed receiver from untyped input is a typed local, and those coerce under the same rules as a typed parameter or property, not cast rules. On 8.5:

    int $n = "123password";   // TypeError, in both weak and strict mode

so the typed path throws on exactly the input you're worried about, instead of silently giving you 123.

Leaning on "explicit cast" in the framing was the wrong emphasis on my part. If you want a checked int from user input you write int $n = ..., and it rejects the garbage. Casts stay as they are; they just aren't the path I should've pointed at.

Michal
