Re: [PHP-DEV] [RFC][Under discussion] Arbitrary string interpolation
> On Mar 26, 2022, at 6:15 PM, Rowan Tommins wrote: > > On 25/03/2022 14:38, Arnaud Le Blanc wrote: >> I find that sprintf() is easier to read in most cases. One reason for this is >> that the text is separated from the code. > > > Funnily enough, I find sprintf() *harder* to read for the same reason - > particularly once there are more than two or three parameters, and more than > a bit of punctuation between them. > > A large part of that is because the placeholders are positional rather than > named, so you have to keep track of which is which; but by the time you've > got named placeholders, you might as well have variable interpolation. > > As a silly example, I prefer this: > > $sentence = "The {$adjectives[0]} {$adjectives[1]} {$nouns[0]} jumped over > the {$adjectives[2]} {$nouns[1]}"; > > To this: > > $sentence = sprintf( >'The %s %s %s jumped over the %s %s', >$adjectives[0], >$adjectives[1], >$nouns[0], >$adjectives[2], >$nouns[1] > ); > > I think that's partly a matter of taste, though, because I've definitely seen > people happily using both styles. And there are certainly situations (like > translation strings) where placeholders of some sort work better than > straight interpolation. Choice of sprintf() vs string interpolation *can* be more than a matter of taste, and this from someone who once greater preferred the latter. There are (at least) two use-cases I am familiar with where using printf() and sprintf() with placeholders have benefits over string interpolation. 1.) Internationalization of human-readable strings can be more easily facilitated when the literal text is kept distinct from the interpolated values. 2.) Reduced memory allocation and string manipulation when strings are used for logging that may be discarded when logging levels are set to less than "log everything." #fwiw > That's why I thought it was interesting to see what other languages have > done. While PHP and Ruby have obvious links back to Perl, many languages > which didn't start off with string interpolation have added it in later > versions, e.g. C#, Scala, JavaScript, Python. Clearly there were sufficient > voices in favour in each of those communities to add it; and in each case, > they added *expression* interpolation, not just the *variable* interpolation > supported by Perl and PHP. > > I won't be too upset if this feature doesn't get added, but I do think it > would be a nice addition. > > Regards, > > -- > Rowan Tommins > [IMSoP] > > -- > PHP Internals - PHP Runtime Development Mailing List > To unsubscribe, visit: https://www.php.net/unsub.php > -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: https://www.php.net/unsub.php
Re: [PHP-DEV] [RFC][Under discussion] Arbitrary string interpolation
Hi, > A large part of that is because the placeholders are positional rather > > than named, so you have to keep track of which is which; but by the time > > you've got named placeholders, you might as well have variable > > interpolation. > > I feel the same way. PHPStorm has a feature that highlights the given > expression when your cursor is placed on a %s placeholder and vice > versa. This seems to be the treatment of that symptom. > Has "add named placeholders to *printf()" been proposed/discussed before (I didn't find)? What about strtr() (e.g. `strtr('The {foo} is {bar}.', ['{foo}' => FOO, '{bar}' => bar()])`)? (and even templating engines like Twig?) Anyway, it sometimes baffles me indeed that I can build a string with a method call like `"...{$foo->bar()}..."` but not with a function call like `"...{foo($bar)}..."`, and also with complex interpolation via callable variable like `"...{$foo($bar + baz($qux))}..."` but not with simple constant like `"...{FOO}..."` or operation like `"...{$foo + 1}..."` :/ Regards, -- Guilliam Xavier
Re: [PHP-DEV] [RFC][Under discussion] Arbitrary string interpolation
> All the other languages I looked at have support for full expressions in > their interpolation forms: Thank you Rowan, I added the comparison of other languages to the RFC. > A large part of that is because the placeholders are positional rather > than named, so you have to keep track of which is which; but by the time > you've got named placeholders, you might as well have variable > interpolation. I feel the same way. PHPStorm has a feature that highlights the given expression when your cursor is placed on a %s placeholder and vice versa. This seems to be the treatment of that symptom. > and in each case, they added *expression* interpolation, not just the > *variable* interpolation supported by Perl and PHP. Also note that the goal of this RFC is not to encourage embedding increasingly complex expressions in strings, but rather to allow simple expressions like string manipulation and constants. Could you now declare all your classes in a string? Yes. Can you create a 20'000 line PHP file? Sure. I don't think most people would support some arbitrary cutoff for LOC either. As Rowan mentioned, most languages allow expressions in strings and yet this is rarely abused in practice. > Wouldn’t this open the door to all kinds of new attacks? No. It's no different from `"$userControllerString"`. Make sure to sanitize user-controlled input. The expression inside the string is parsed at compile-time, something like `"{$: $userControlledString}"` where `$userControlledString = 'doSomethingBad()';` will *not* interpret that string and call that function but rather just result in `"doSomethingBad()"`. Another thing I'd like to mention: All the heavy lifting for full blown expression string interpolation is already there. If you look at the implementation (https://github.com/php/php-src/pull/8256) very few changes are necessary to make this work. Ilija -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: https://www.php.net/unsub.php
Re: [PHP-DEV] [RFC][Under discussion] Arbitrary string interpolation
On 25/03/2022 14:38, Arnaud Le Blanc wrote: I find that sprintf() is easier to read in most cases. One reason for this is that the text is separated from the code. Funnily enough, I find sprintf() *harder* to read for the same reason - particularly once there are more than two or three parameters, and more than a bit of punctuation between them. A large part of that is because the placeholders are positional rather than named, so you have to keep track of which is which; but by the time you've got named placeholders, you might as well have variable interpolation. As a silly example, I prefer this: $sentence = "The {$adjectives[0]} {$adjectives[1]} {$nouns[0]} jumped over the {$adjectives[2]} {$nouns[1]}"; To this: $sentence = sprintf( 'The %s %s %s jumped over the %s %s', $adjectives[0], $adjectives[1], $nouns[0], $adjectives[2], $nouns[1] ); I think that's partly a matter of taste, though, because I've definitely seen people happily using both styles. And there are certainly situations (like translation strings) where placeholders of some sort work better than straight interpolation. That's why I thought it was interesting to see what other languages have done. While PHP and Ruby have obvious links back to Perl, many languages which didn't start off with string interpolation have added it in later versions, e.g. C#, Scala, JavaScript, Python. Clearly there were sufficient voices in favour in each of those communities to add it; and in each case, they added *expression* interpolation, not just the *variable* interpolation supported by Perl and PHP. I won't be too upset if this feature doesn't get added, but I do think it would be a nice addition. Regards, -- Rowan Tommins [IMSoP] -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: https://www.php.net/unsub.php
Re: [PHP-DEV] [RFC][Under discussion] Arbitrary string interpolation
Hey Ilija. On 25.03.22 15:38, Arnaud Le Blanc wrote: Hi Ilija I find that sprintf() is easier to read in most cases. One reason for this is that the text is separated from the code. It's also easier to review for humans and linters. The strtoupper example would look like this with sprintf: $world = 'world'; echo sprintf('Hello %s!', strtoupper($world)); Longer examples can be nicely split in multiple lines: echo sprintf( 'Received HTTP status code %d (reason phrase: %s)', $response->getStatusCode(), $response->getReasonPhrase(), ); This technique also allows me to use the original string in translation while still keeping the replacements out of that. So something like echo sprintf( gettext('Hello %s!'), strtoupper($world) ); would easily work and provide the translator only with the string `Hello %s` which is much less to break than `Hello {strtoupper($world)}!` So for internationalized applications I'd rather keep the sprintf approach than a new string-syntax. A way to use sprintf in a more out-of-the-box way like in ruby would be awesome! Something like echo 'Hello %s' % [strtoupper($world)]; or echo 'Hello %{world}' % ['world' => strtoupper($world)]; But I'm absolutely happy with the current sprintf functionality. Just my 0.02€ Cheers Andreas -- ,,, (o o) +-ooO-(_)-Ooo-+ | Andreas Heigl | | mailto:andr...@heigl.org N 50°22'59.5" E 08°23'58" | | https://andreas.heigl.org | +-+ | https://hei.gl/appointmentwithandreas | +-+ OpenPGP_0xA8D5437ECE724FE5.asc Description: OpenPGP public key OpenPGP_signature Description: OpenPGP digital signature
Re: [PHP-DEV] [RFC][Under discussion] Arbitrary string interpolation
Hi Ilija I find that sprintf() is easier to read in most cases. One reason for this is that the text is separated from the code. It's also easier to review for humans and linters. The strtoupper example would look like this with sprintf: $world = 'world'; echo sprintf('Hello %s!', strtoupper($world)); Longer examples can be nicely split in multiple lines: echo sprintf( 'Received HTTP status code %d (reason phrase: %s)', $response->getStatusCode(), $response->getReasonPhrase(), ); And this also works with heredoc: echo sprintf( <<<'HTML' %s HTML, htmlspecialchars($title), ); -- Arnaud On jeudi 17 mars 2022 23:27:30 CET Ilija Tovilo wrote: > Hi everyone > > I'd like to start discussion on a new RFC for arbitrary string > interpolation. https://wiki.php.net/rfc/arbitrary_string_interpolation > > Let me know what you think. > > Ilija -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: https://www.php.net/unsub.php
Re: [PHP-DEV] [RFC][Under discussion] Arbitrary string interpolation
On 21/03/2022 10:27, Robert Landers wrote: > The downside of a prefix is that it isn't backwards compatible. You could use # in a suffix so if you need to write backwards compatible code, you can. So maybe: > > echo "{$x#10.3f}"; > > which can be written like this in backwards compatible code: > > echo "{$x#10.3f > }"; That's a neat trick, although I'm surprised comments are allowed in that position given expressions in general aren't. I think being a syntax error in previous versions is a good thing though; falling back to ignoring the formatting specifier could result in unexpected behaviour, maybe even leaking data that the formatting was intended to hide, and projects which need to support multiple PHP versions are more likely to simply use sprintf() to get the same output on all versions. I was also deliberately pairing it with the arbitrary expression syntax as one new feature, so that we don't have so many combinations to explain to new users ("$x", "{$x}", "{$: $x}", "{$x#10.3f}", "{$: $x #10.3f}") Regards, -- Rowan Tommins [IMSoP] -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: https://www.php.net/unsub.php
Re: [PHP-DEV] [RFC][Under discussion] Arbitrary string interpolation
On Mon, Mar 21, 2022 at 10:51 AM Rowan Tommins wrote: > On 20/03/2022 13:39, Rowan Tommins wrote: > > Using a second colon would make ternary expressions slightly awkward; > > C# handles this by requiring them to be parenthesised, so "{$:( $test > > ? $x : $y )}" would be valid but "{$:$test ? $x : $y}" would not; we > > could use some other delimiter, but they'd probably all need something > > similar. > > > Thinking about it, a second colon might also cause problems for > expressions like "{$: Foo::bar() }", so since we have multiple symbols > at the start anyway, how about a prefixed formatting argument, e.g. > "{$%10.3f: $x }" > > Regards, > > -- > Rowan Tommins > [IMSoP] > > -- > PHP Internals - PHP Runtime Development Mailing List > To unsubscribe, visit: https://www.php.net/unsub.php > > The downside of a prefix is that it isn't backwards compatible. You could use # in a suffix so if you need to write backwards compatible code, you can. So maybe: echo "{$x#10.3f}"; which can be written like this in backwards compatible code: echo "{$x#10.3f }"; It isn't pretty, but it's better than a parse error and things like Rector could do this automatically.
Re: [PHP-DEV] [RFC][Under discussion] Arbitrary string interpolation
On 20/03/2022 13:39, Rowan Tommins wrote: Using a second colon would make ternary expressions slightly awkward; C# handles this by requiring them to be parenthesised, so "{$:( $test ? $x : $y )}" would be valid but "{$:$test ? $x : $y}" would not; we could use some other delimiter, but they'd probably all need something similar. Thinking about it, a second colon might also cause problems for expressions like "{$: Foo::bar() }", so since we have multiple symbols at the start anyway, how about a prefixed formatting argument, e.g. "{$%10.3f: $x }" Regards, -- Rowan Tommins [IMSoP] -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: https://www.php.net/unsub.php
Re: [PHP-DEV] [RFC][Under discussion] Arbitrary string interpolation
On 18/03/2022 17:49, Paul Dragoonis wrote: Writing code in strings is a DX nightmare Can you expand a bit on what you mean by that? It seems to be common to assert the opposite, that string interpolation is much more convenient than the alternatives. Looking around, it seems nearly all currently-popular languages include some form of interpolation. Notable languages which don't currently support it at all are Java and Go. Rust doesn't have a generic syntax, but some built-in macros support variable-only interpolation: https://blog.rust-lang.org/2022/01/13/Rust-1.58.0.html#captured-identifiers-in-format-strings Perl, from which PHP has largely inherited its string syntax, is actually more restrictive than most. Arbitrary expressions are just about possible with a bit of hackery, but not really encouraged: https://perldoc.perl.org/perlfaq4#How-do-I-expand-function-calls-in-a-string%3F All the other languages I looked at have support for full expressions in their interpolation forms: * C# - $"x + y = {x + y}" - https://docs.microsoft.com/en-us/dotnet/csharp/language-reference/tokens/interpolated * Dart - 'x + y = ${x + y}' - https://api.dart.dev/stable/2.16.1/dart-core/String-class.html * JavaScript - `x + y = ${x + y}` - https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Template_literals * Kotlin - "x + y = ${x + y}" - https://kotlinlang.org/docs/basic-types.html#string-templates * Python - f'x + y = {x + y}' - https://peps.python.org/pep-0498/ * Raku (Perl6) - "\$x + \$y = { $x + $y }" - https://docs.raku.org/language/quoting.html#Interpolation:_qq * Ruby - "x + y = #{x + y}" - http://ruby-for-beginners.rubymonstas.org/bonus/string_interpolation.html * Scala - s"x + y = ${$x + $y}" - https://docs.scala-lang.org/overviews/core/string-interpolation.html * Swift - "x + y = \(x + y)" - https://docs.swift.org/swift-book/LanguageGuide/StringsAndCharacters.html#ID292 Interestingly, a few languages have forms that combine arbitrary expression interpolation with printf-style modifiers. For instance, to format a float x to 3 decimal places, aligned right to width 10: * C# - $"{x,10:F3}" * Python - f"{x:10.3}" * Scala - f"$x%10.3f" It might be interesting to explore this for PHP, e.g. "{$:$x:10.3f}". If we're not sure we want it yet, we could leave the option open by making anything of the form "{$:expression:format}" a syntax error. Using a second colon would make ternary expressions slightly awkward; C# handles this by requiring them to be parenthesised, so "{$:( $test ? $x : $y )}" would be valid but "{$:$test ? $x : $y}" would not; we could use some other delimiter, but they'd probably all need something similar. PS: Reminder to all that convention on this list is to reply below not above quoted text. -- Rowan Tommins [IMSoP] -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: https://www.php.net/unsub.php
Re: [PHP-DEV] [RFC][Under discussion] Arbitrary string interpolation
On Fri, Mar 18, 2022 at 11:01 PM Theodore Brown wrote: > On Fri, Mar 18, 2022 at 09:02 Chase Peeler wrote: > > On Fri, Mar 18, 2022 at 12:49 AM Theodore Brown > wrote: > > > > > > Personally I'm really looking forward to having this functionality. > > > Just a couple days ago I wanted to call a function in an interpolated > > > string, and it was really annoying to have to wrap the function in a > > > closure in order to use it. > > > > > > If this RFC is accepted I'd be able to replace code like this: > > > > > > $name = "Theodore Brown"; > > > $strlen = fn(string $string): int => strlen($string); > > > echo "{$name} has a length of {$strlen($name)}."; > > > > > > with > > > > > > $name = "Theodore Brown"; > > > echo "{$name} has a length of {$:strlen($name)}."; > > > > > > Out of curiosity, why not: > > > > $name = "Theodore Brown"; > > echo "{$name} has a length of ".strlen($name)."."; > > > > or even > > > > $name = "Theodore Brown"; > > $len = strlen($name); > > echo "{$name} has a length of {$len}."; > > Concatenation works fine for a simple example like this, but it can > get a lot messier when there are more than a few embedded variables. > It's particularly an issue with heredoc strings which are far more > cumbersome to concatenate. > > Yes, it's possible to add extra variables before the string like in > your second example, but this feels like unnecessary work, especially > when you already have all the variables you want and just want to > apply a function to them at several places in a template string. > One function that I continuously run into is 'number_format' (and its intl equivalents). It'd be much easier to read "you have {$:number_format(count($items))} remaining" instead of "you have $formatted_count_of_items remaining" > Theodore > -- > PHP Internals - PHP Runtime Development Mailing List > To unsubscribe, visit: https://www.php.net/unsub.php > >
Re: [PHP-DEV] [RFC][Under discussion] Arbitrary string interpolation
On Fri, Mar 18, 2022 at 09:02 Chase Peeler wrote: > On Fri, Mar 18, 2022 at 12:49 AM Theodore Brown > wrote: > > > > Personally I'm really looking forward to having this functionality. > > Just a couple days ago I wanted to call a function in an interpolated > > string, and it was really annoying to have to wrap the function in a > > closure in order to use it. > > > > If this RFC is accepted I'd be able to replace code like this: > > > > $name = "Theodore Brown"; > > $strlen = fn(string $string): int => strlen($string); > > echo "{$name} has a length of {$strlen($name)}."; > > > > with > > > > $name = "Theodore Brown"; > > echo "{$name} has a length of {$:strlen($name)}."; > > > Out of curiosity, why not: > > $name = "Theodore Brown"; > echo "{$name} has a length of ".strlen($name)."."; > > or even > > $name = "Theodore Brown"; > $len = strlen($name); > echo "{$name} has a length of {$len}."; Concatenation works fine for a simple example like this, but it can get a lot messier when there are more than a few embedded variables. It's particularly an issue with heredoc strings which are far more cumbersome to concatenate. Yes, it's possible to add extra variables before the string like in your second example, but this feels like unnecessary work, especially when you already have all the variables you want and just want to apply a function to them at several places in a template string. Theodore -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: https://www.php.net/unsub.php
Re: [PHP-DEV] [RFC][Under discussion] Arbitrary string interpolation
i'd write it as $name = "Theodore Brown"; echo "{$name} has a length of " . strlen ( $name ) . "."; On Fri, 18 Mar 2022 at 05:49, Theodore Brown wrote: > On Thu, Mar 17, 2022 at 5:40 PM Tobias Nyholm > wrote: > > > On Thu, 17 Mar 2022, 23:27 Ilija Tovilo, wrote: > > > >> Hi everyone > >> > >> I'd like to start discussion on a new RFC for arbitrary string > >> interpolation. > >> https://wiki.php.net/rfc/arbitrary_string_interpolation > >> > >> Let me know what you think. > > > > That is a cool idea. > > But I am not a big fan of having code in strings. > > Wouldn’t this open the door to all kinds of new attacks? > > Do you have an example of a new kind of attack this would allow? > The proposal doesn't enable interpolation of strings coming from > a database or user input - it only applies to string literals > directly in PHP code. > > Personally I'm really looking forward to having this functionality. > Just a couple days ago I wanted to call a function in an interpolated > string, and it was really annoying to have to wrap the function in a > closure in order to use it. > > If this RFC is accepted I'd be able to replace code like this: > > $name = "Theodore Brown"; > $strlen = fn(string $string): int => strlen($string); > echo "{$name} has a length of {$strlen($name)}."; > > with > > $name = "Theodore Brown"; > echo "{$name} has a length of {$:strlen($name)}."; > > > Sincerely, > > Theodore > -- > PHP Internals - PHP Runtime Development Mailing List > To unsubscribe, visit: https://www.php.net/unsub.php > >
Re: [PHP-DEV] [RFC][Under discussion] Arbitrary string interpolation
> Le 18 mars 2022 à 18:49, Paul Dragoonis a écrit : > > I think the original goal of this RFC is to make PHP more expressive, and > less clunky (look at Jav). This is a good goal and one much desired by the > community, but I think the approach here isn't the right fit or way to > achieve it > > Writing code in strings is a DX nightmare, and static analysis challenge. > > PHP is improving onto a more verbose, typed, but exprsssive language, and > this change would make that harder. > > I'm also thinking if this could become a LCE/RCE vulnerability in a type of > eval() situation. Not a huge point but just an observation. > > Happy to re evaluate a new approach to solve the same problem that doesn't > involve coding inside strings. Although I agree that code execution in strings is not a great idea, it should be noted that this is already possible today, so that this proposal does not add a new capability. Indeed, the proposed syntax: "{$:/* arbitrary expression here */}"; is equivalent to: $expr = fn($_) => $_; "{$expr(/* arbitrary expression here */)}"; —Claude -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: https://www.php.net/unsub.php
Re: [PHP-DEV] [RFC][Under discussion] Arbitrary string interpolation
I think the original goal of this RFC is to make PHP more expressive, and less clunky (look at Jav). This is a good goal and one much desired by the community, but I think the approach here isn't the right fit or way to achieve it Writing code in strings is a DX nightmare, and static analysis challenge. PHP is improving onto a more verbose, typed, but exprsssive language, and this change would make that harder. I'm also thinking if this could become a LCE/RCE vulnerability in a type of eval() situation. Not a huge point but just an observation. Happy to re evaluate a new approach to solve the same problem that doesn't involve coding inside strings. On Fri, 18 Mar 2022, 14:09 Pierre, wrote: > Le 18/03/2022 à 15:02, Chase Peeler a écrit : > > On Fri, Mar 18, 2022 at 12:49 AM Theodore Brown > > wrote: > > > >> On Thu, Mar 17, 2022 at 5:40 PM Tobias Nyholm > >> wrote: > >> > >>> On Thu, 17 Mar 2022, 23:27 Ilija Tovilo, > wrote: > >>> > Hi everyone > > I'd like to start discussion on a new RFC for arbitrary string > interpolation. > https://wiki.php.net/rfc/arbitrary_string_interpolation > > Let me know what you think. > >>> That is a cool idea. > >>> But I am not a big fan of having code in strings. > >>> Wouldn’t this open the door to all kinds of new attacks? > >> Do you have an example of a new kind of attack this would allow? > >> The proposal doesn't enable interpolation of strings coming from > >> a database or user input - it only applies to string literals > >> directly in PHP code. > >> > >> Personally I'm really looking forward to having this functionality. > >> Just a couple days ago I wanted to call a function in an interpolated > >> string, and it was really annoying to have to wrap the function in a > >> closure in order to use it. > >> > >> If this RFC is accepted I'd be able to replace code like this: > >> > >> $name = "Theodore Brown"; > >> $strlen = fn(string $string): int => strlen($string); > >> echo "{$name} has a length of {$strlen($name)}."; > >> > >> with > >> > >> $name = "Theodore Brown"; > >> echo "{$name} has a length of {$:strlen($name)}."; > >> > >> > > Out of curiosity, why not: > > $name = "Theodore Brown"; > > echo "{$name} has a length of ".strlen($name)."."; > > > > or even > > $name = "Theodore Brown"; > > $len = strlen($name); > > echo "{$name} has a length of {$len}."; > > I guess it's a matter of taste and convention. > > Sometime, it make sense and it's just easier to just use string > interpolation (for example with multiline templates). > > Regards, > > -- > > Pierre > > -- > PHP Internals - PHP Runtime Development Mailing List > To unsubscribe, visit: https://www.php.net/unsub.php > >
Re: [PHP-DEV] [RFC][Under discussion] Arbitrary string interpolation
Le 18/03/2022 à 15:02, Chase Peeler a écrit : On Fri, Mar 18, 2022 at 12:49 AM Theodore Brown wrote: On Thu, Mar 17, 2022 at 5:40 PM Tobias Nyholm wrote: On Thu, 17 Mar 2022, 23:27 Ilija Tovilo, wrote: Hi everyone I'd like to start discussion on a new RFC for arbitrary string interpolation. https://wiki.php.net/rfc/arbitrary_string_interpolation Let me know what you think. That is a cool idea. But I am not a big fan of having code in strings. Wouldn’t this open the door to all kinds of new attacks? Do you have an example of a new kind of attack this would allow? The proposal doesn't enable interpolation of strings coming from a database or user input - it only applies to string literals directly in PHP code. Personally I'm really looking forward to having this functionality. Just a couple days ago I wanted to call a function in an interpolated string, and it was really annoying to have to wrap the function in a closure in order to use it. If this RFC is accepted I'd be able to replace code like this: $name = "Theodore Brown"; $strlen = fn(string $string): int => strlen($string); echo "{$name} has a length of {$strlen($name)}."; with $name = "Theodore Brown"; echo "{$name} has a length of {$:strlen($name)}."; Out of curiosity, why not: $name = "Theodore Brown"; echo "{$name} has a length of ".strlen($name)."."; or even $name = "Theodore Brown"; $len = strlen($name); echo "{$name} has a length of {$len}."; I guess it's a matter of taste and convention. Sometime, it make sense and it's just easier to just use string interpolation (for example with multiline templates). Regards, -- Pierre -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: https://www.php.net/unsub.php
Re: [PHP-DEV] [RFC][Under discussion] Arbitrary string interpolation
On Fri, Mar 18, 2022 at 12:49 AM Theodore Brown wrote: > On Thu, Mar 17, 2022 at 5:40 PM Tobias Nyholm > wrote: > > > On Thu, 17 Mar 2022, 23:27 Ilija Tovilo, wrote: > > > >> Hi everyone > >> > >> I'd like to start discussion on a new RFC for arbitrary string > >> interpolation. > >> https://wiki.php.net/rfc/arbitrary_string_interpolation > >> > >> Let me know what you think. > > > > That is a cool idea. > > But I am not a big fan of having code in strings. > > Wouldn’t this open the door to all kinds of new attacks? > > Do you have an example of a new kind of attack this would allow? > The proposal doesn't enable interpolation of strings coming from > a database or user input - it only applies to string literals > directly in PHP code. > > Personally I'm really looking forward to having this functionality. > Just a couple days ago I wanted to call a function in an interpolated > string, and it was really annoying to have to wrap the function in a > closure in order to use it. > > If this RFC is accepted I'd be able to replace code like this: > > $name = "Theodore Brown"; > $strlen = fn(string $string): int => strlen($string); > echo "{$name} has a length of {$strlen($name)}."; > > with > > $name = "Theodore Brown"; > echo "{$name} has a length of {$:strlen($name)}."; > > Out of curiosity, why not: $name = "Theodore Brown"; echo "{$name} has a length of ".strlen($name)."."; or even $name = "Theodore Brown"; $len = strlen($name); echo "{$name} has a length of {$len}."; > > Sincerely, > > Theodore > -- > PHP Internals - PHP Runtime Development Mailing List > To unsubscribe, visit: https://www.php.net/unsub.php > > -- Chase Peeler chasepee...@gmail.com
Re: [PHP-DEV] [RFC][Under discussion] Arbitrary string interpolation
I've wanted this for years! Robert Landers Software Engineer Utrecht NL On Thu, Mar 17, 2022 at 11:27 PM Ilija Tovilo wrote: > Hi everyone > > I'd like to start discussion on a new RFC for arbitrary string > interpolation. > https://wiki.php.net/rfc/arbitrary_string_interpolation > > Let me know what you think. > > Ilija > > -- > PHP Internals - PHP Runtime Development Mailing List > To unsubscribe, visit: https://www.php.net/unsub.php > >
Re: [PHP-DEV] [RFC][Under discussion] Arbitrary string interpolation
On Thu, Mar 17, 2022 at 5:40 PM Tobias Nyholm wrote: > On Thu, 17 Mar 2022, 23:27 Ilija Tovilo, wrote: > >> Hi everyone >> >> I'd like to start discussion on a new RFC for arbitrary string >> interpolation. >> https://wiki.php.net/rfc/arbitrary_string_interpolation >> >> Let me know what you think. > > That is a cool idea. > But I am not a big fan of having code in strings. > Wouldn’t this open the door to all kinds of new attacks? Do you have an example of a new kind of attack this would allow? The proposal doesn't enable interpolation of strings coming from a database or user input - it only applies to string literals directly in PHP code. Personally I'm really looking forward to having this functionality. Just a couple days ago I wanted to call a function in an interpolated string, and it was really annoying to have to wrap the function in a closure in order to use it. If this RFC is accepted I'd be able to replace code like this: $name = "Theodore Brown"; $strlen = fn(string $string): int => strlen($string); echo "{$name} has a length of {$strlen($name)}."; with $name = "Theodore Brown"; echo "{$name} has a length of {$:strlen($name)}."; Sincerely, Theodore -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: https://www.php.net/unsub.php
Re: [PHP-DEV] [RFC][Under discussion] Arbitrary string interpolation
That is a cool idea. But I am not a big fan of having code in strings. Wouldn’t this open the door to all kinds of new attacks? // Tobias > On 17 Mar 2022, at 23:30, Marco Pivetta wrote: > > Hey Ilija, > > Overall not a fan: want more `sprintf()` and less interpolation, where > possible 😬 > > Couldn't we let the construct slowly decay into nothingness, perhaps? > > On Thu, 17 Mar 2022, 23:27 Ilija Tovilo, wrote: > >> Hi everyone >> >> I'd like to start discussion on a new RFC for arbitrary string >> interpolation. >> https://wiki.php.net/rfc/arbitrary_string_interpolation >> >> Let me know what you think. >> >> Ilija -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: https://www.php.net/unsub.php
Re: [PHP-DEV] [RFC][Under discussion] Arbitrary string interpolation
Hey Ilija, Overall not a fan: want more `sprintf()` and less interpolation, where possible 😬 Couldn't we let the construct slowly decay into nothingness, perhaps? On Thu, 17 Mar 2022, 23:27 Ilija Tovilo, wrote: > Hi everyone > > I'd like to start discussion on a new RFC for arbitrary string > interpolation. > https://wiki.php.net/rfc/arbitrary_string_interpolation > > Let me know what you think. > > Ilija