2012/3/18 Adam Jon Richardson <adamj...@gmail.com>:
> On Sun, Mar 18, 2012 at 7:12 AM, Simon Schick
> <simonsimc...@googlemail.com> wrote:
>
>>
>> Hi, All
>>
>> Just to add an example of why I want a stricter type check here than
>> we have in the current type juggling:
>>
>> http://www.brandonsavage.net/an-xss-vulerability-in-the-making/?utm_source=rss&utm_medium=rss&utm_campaign=an-xss-vulerability-in-the-making
>
>
> I see the example given as one of poor validation, not a reason for more
> strict type checking in a dynamic, weakly typed language.
>
> One could:
>
> - use a regex
> - set the third argument (strict comparison) of in_array() to true -OR-
> loop through the array and check equivalence with ===
> - ensure the type juggled value (the integer form) was returned and used
> rather than using the original string
>
> I actually like the conversation on scalar type hinting, and I've even
> offered some ideas for integrating a form of it, too. However, poor input
> validation is not one of the reasons that I would use to justify its
> inclusion. The goal of proper input validation should be to account for
> page requests that include invalid data and provide appropriate feedback
> within the natural flow of the application. Erring out when calling a more
> strongly typed function at runtime does not provide this type of
> application flow.
>
> Adam

Hi, Adam

I totally agree that type-hinting should not cover what the programmer
should do for validating the given input ...
But I just wanted to point out that this is something the author (and
I) would never expect to happen ...

in_array("123abc", array(3, 7, 123, 28)) === true

But that's another thing :)
I just wanted to point out that I don't want to have the string
"123abc" accepted as an integer :)

Anyways ... This thread should be a discussion about the whole
concept, not the details.
Sorry for getting off-context here.

Bye
Simon

-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
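
Added example, not part of the original messages: a whitelist check that combines the three suggestions listed in the quoted reply (regex, strict in_array(), and using the converted integer), printed next to the loose and strict in_array() results for each input. The function name validated_id(), the nine-digit limit and the sample request values are assumptions made for this illustration.

```php
<?php
// Whitelist taken from the in_array() call in the message above.
$allowed = array(3, 7, 123, 28);

// Constructed sample request values (not from the thread).
$inputs = array('123', '123abc', '7', '42', '<script>');

/**
 * Hypothetical helper: return the whitelisted integer for $raw, or null
 * so the caller can give feedback within the normal application flow.
 */
function validated_id($raw, array $allowed)
{
    // Regex: digits only, anchored with \A and \z so a trailing newline
    // or suffix such as "abc" is rejected before any type juggling.
    // Assumption: nine digits is enough and stays inside a 32-bit int.
    if (!is_string($raw) || !preg_match('/\A[0-9]{1,9}\z/', $raw)) {
        return null;
    }

    // Use the integer form from here on, never the original string.
    $id = (int) $raw;

    // Strict comparison: int against int, no juggling involved.
    return in_array($id, $allowed, true) ? $id : null;
}

foreach ($inputs as $raw) {
    // Loose check uses ==. For "123abc" the result depends on the PHP
    // version: releases before 8.0 juggle it to 123, 8.0 and later do not.
    $loose = in_array($raw, $allowed);

    // Strict check on the raw string uses ===, so a string never equals
    // an integer element: strict mode alone also rejects a valid "123".
    $strict = in_array($raw, $allowed, true);

    $id = validated_id($raw, $allowed);

    printf(
        "%-10s loose=%-5s strict=%-5s validated=%s\n",
        var_export($raw, true),
        var_export($loose, true),
        var_export($strict, true),
        var_export($id, true)
    );
}
```

Only the value returned by validated_id() should reach later code or output; the raw request string is discarded after the check.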