Hello, internals!

> Good evening,
>
> I am presenting a new RFC to add a set of three functions to do validated
> casts for scalar types:
>
> https://wiki.php.net/rfc/safe_cast
>
> Please read it.

Personally I don't like this RFC because it's introducing one more way to cast values in PHP. We already have the boolval(), intval(), strval() functions that are not widely used in the source code, because of the dynamic nature of PHP. Developers just use the value as is, assuming that it will be cast automatically where needed.

This kind of casting is typically used to prevent attacks, like this:

    $id = intval($_GET['id']);

But this is an ugly implementation from my point of view. Binding and sanitization can do this much better.

There is also one more way to cast values, with explicit casting:

    $id = (int) $_GET['id'];

I think that this way of casting is more natural for developers to read, because many languages use the same scheme to cast values into other types. Instead of implementing new to_xxxx() functions, it can be nice to reuse the logic of casting with "(type) $value" to follow https://wiki.php.net/rfc/scalar_type_hinting_with_cast#conversion_rules which looks great.

Besides this, there is casting with settype($value, $type) and one more with filter sanitization. If this RFC is accepted, there will be one more way with its own logic of casting. And this is not so good from a userland point of view.

It can be good only with OOP support for primitive types, for example:

    $value = '1234';
    $number = $value->toInt();
    $float = $value->toFloat();

etc.

Thanks!

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
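
Added example, not part of the original message or of the RFC: the conversion paths the message names (intval(), an (int) cast, settype() and the filter extension) run over the same constructed inputs, so the difference between coercing and validating a request parameter can be compared side by side. The helper names convert_all() and parse_id() and the sample values are assumptions made for illustration.

```php
<?php
// Hypothetical helper: run one raw value through each conversion path
// mentioned in the message and collect the results.
function convert_all(string $raw): array
{
    $viaSettype = $raw;
    settype($viaSettype, 'integer');

    return [
        'intval'   => intval($raw),
        '(int)'    => (int) $raw,
        'settype'  => $viaSettype,
        // FILTER_VALIDATE_INT returns false on failure instead of coercing.
        'validate' => filter_var($raw, FILTER_VALIDATE_INT),
        // FILTER_SANITIZE_NUMBER_INT removes characters and returns a string.
        'sanitize' => filter_var($raw, FILTER_SANITIZE_NUMBER_INT),
    ];
}

// Hypothetical handler-side check: accept only a positive integer id and
// return null for everything else, so the caller can reject the request.
function parse_id($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1],
    ]);

    return $id === false ? null : $id;
}

// Constructed sample values standing in for $_GET['id'] (not from the thread).
$samples = ['42', ' 42', '42abc', '1e3', '', 'abc', '0x1A', '-7',
            '9999999999999999999'];

foreach ($samples as $raw) {
    echo 'input ', var_export($raw, true), "\n";
    foreach (convert_all($raw) as $method => $result) {
        echo '  ', str_pad($method, 10), var_export($result, true), "\n";
    }
    echo '  ', str_pad('parse_id', 10), var_export(parse_id($raw), true), "\n";
}
```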