PHP is first and foremost a Web scripting language. Everything we do
and every decision is based on that. For every feature the first
question you need to ask yourselves is:
Will this make it easier or harder for the average PHP user to
build a web app? And if it makes it harder, is the extra pain
worth the benefit?
Given that HTTP is still the dominant web protocol and given that HTTP
is not typed, we have to be very careful about introducing stronger
typing into PHP, even if it is optional. Passing $_REQUEST['age'] to a
function isn't a use-case that can be easily dismissed as it was by
someone earlier. This is the primary use case. PHP takes scalar user
data which comes across HTTP untyped, does stuff to it, and sends
something back.
The argument that adding a type hint will make documentation easier is a
scary one for me. If we go and promote the use of runtime type hinting
in order for people to use auto-documentation tools, they are likely to
sprinkle these type hints everywhere which has the nasty side effect of
causing runtime warnings or errors when something returns 1 instead of
"1" whereas before this happily worked and worked correctly. And short
of fuzzing all your code, you aren't going to catch this case during
development.
The robustness principle holds true here:
Be conservative in what you do; be liberal in what you accept from
others.
This means that "1" and 1 should be able to travel freely within a PHP
script without tripping anything up. And it means there needs to be
ways for the code to be conservative in what it does with this data.
Today this generally means casting and context-specific filtering.
Robustness and code correctness play against each other to some extent.
If you wrote your code in such a way that a function should always be
passed 1 and not "1" then it might be nice to know when this isn't the
case, which is what type hinting is all about. PHP has always leaned
towards robustness, so having your code break in this case goes against
the spirit of PHP.
There are ways today to write code that is very strict in what it
accepts. It is possible that we can make it a bit easier to write this
style of code. But we have to keep this basic principle of PHP in mind
and also keep in mind that the type check is only a part (and usually
the fastest part) of the conservative data handling strategy. The
context-specific filtering, like making sure -1 doesn't turn into
2147483648 in some unsigned backend, still needs to happen with or
without type hints.
-Rasmus
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php