Hi Dennies,
On Mon, Mar 16, 2015 at 11:36 AM, Dennis Birkholz <den...@birkholz.biz>
wrote:
> Am 16.03.2015 um 03:16 schrieb Yasuo Ohgaki:
> > This code is an example that I posted in other thread.
> >
> > e.g.
> > <?php
> > function check_num_range(int $num) { if ($num < 0 || $num > 100)
> > trigger_error('Invalid range'); }
> > // Somewhere far from function definition.
> > $num = $GET['num'];
> > // Somewhere far from $num definition.
> > check_num_range($num); // Trying to check validity, int and range.
> > echo 'You have '.$num. ' now <br />'; // But $num could have any string.
> > //
> > "check_num_range((int)$num)" wouldn't help also.
> >
> > Simple cast hides bugs, not eliminates type bugs.
> > This is just an example and there are many cases that cast hides bugs in
> > real world codes.
>
> please, if check_num_range() would be a build-in function, the outcome
> would be exactly the same.
>
> If $num contains something like "100 dogs", you get a notice:
> http://3v4l.org/fnuAc/rfc#tabs
>
> If $num contains rubbish, you get a catchable fatal error:
> http://3v4l.org/UStfP/rfc#tabs
>
My point is "Coercive type" can find/detect invalid inputs, while both
"Weak and Strict type" cannot.
Writing solid code is upto users with respect to correct conversion
handling. I'm not saying "Coercive
type" is perfect, but much more helpful.
Coercive type RFC helps to find very hard to detect/notice bugs, while
"Weak and Strict type" cannot.
This is very important difference to me because I saw many codes like this
with source code security check,
as well as buggy code with external resources like databases.
Regards,
--
Yasuo Ohgaki
yohg...@ohgaki.net
