Nothing's stopping you from using === for integer comparison or
validating your integer string using either ctype_digit() or
is_numeric() before comparing it. (The difference between these two
functions is is_numeric() allows for decimal points)
On 05/07/2012 09:25 PM, Raymond Irving wrote:
I
> At most, I'd remove the part that truncates numeric strings like
> "123abc" and always convert them to 0, because that's almost *never*
> an intended effect.
I too find it hard to think of the situation in which data must be
stored, even in a temporary form, as "123abc" but is meant to be
equiv
While it's not the prettiest of side effects in php, I don't agree it should be
"fixed"
On top of a massive BC break, it's not as if the results are inconsistent.
Learning php means learning how type juggling works.
At most, I'd remove the part that truncates numeric strings like "123abc" and
I was very surprised when I came across the == issue sometime ago. IMO
strings should be compared as strings. They should never be converted to
integer.
1=="1" // always convert the number value to a string and then
compare it
"foo" == 0// should return false
"123abc" == "123nth" /
> On 05/07/2012 05:32 AM, Tjerk Anne Meesters wrote:
>
>> Validated or not, why would type juggling even come into the picture
>> if both variables are of the same type?
>
> For the simple reason that web forms return all input as strings, even
> if the input is actually meant to be numeric
>
> Man
On 05/07/2012 05:32 AM, Tjerk Anne Meesters wrote:
> Validated or not, why would type juggling even come into the picture
> if both variables are of the same type?
For the simple reason that web forms return all input as strings, even
if the input is actually meant to be numeric
Many PHP databas
On 05/07/2012 09:28 AM, Arvids Godjuks wrote:
> Hello internals,
>
> I should voice my opinion that such things like comparing two strings
> starting with numbers and that they resolve to actual integer/float for
> comparation is bad, really bad. That just defies the logic and yealds
> absolutly u
Easy - you see == everywhere and === is used rarely, in docs you see it in
some places like strpos(). This is one thing that has to be communicated
through every channel available (including docs) with clear examples that
show why it should be used instead of ==.
Take me for example, I never had an
>
> I agree with Rasmus (and others) on this one
> (http://www.mail-archive.com/internals@lists.php.net/msg57949.html), type
> numeric conversion on strings on both sides should only happen if both
> strings can be represented as numbers without losing data/precision.
> if one or both of the two si
On Mon, May 7, 2012 at 11:22 AM, Kris Craig wrote:
> On Mon, May 7, 2012 at 1:46 AM, Gustavo Lopes >wrote:
>
> > On Mon, 07 May 2012 10:31:00 +0200, Kris Craig
> > wrote:
> >
> > That being said, I agree that this *definitely* should be fixed if the
> >>
> >> examples cited are indeed accurate
On Mon, May 7, 2012 at 1:46 AM, Gustavo Lopes wrote:
> On Mon, 07 May 2012 10:31:00 +0200, Kris Craig
> wrote:
>
> That being said, I agree that this *definitely* should be fixed if the
>>
>> examples cited are indeed accurate (I've been working with PHP for over
>> 10 years and I was never awar
On Mon, May 7, 2012 at 10:31 AM, Kris Craig wrote:
> On Mon, May 7, 2012 at 12:28 AM, Arvids Godjuks >wrote:
>
> > Hello internals,
> >
> > I should voice my opinion that such things like comparing two strings
> > starting with numbers and that they resolve to actual integer/float for
> > compar
On Mon, 07 May 2012 10:31:00 +0200, Kris Craig
wrote:
That being said, I agree that this *definitely* should be fixed if the
examples cited are indeed accurate (I've been working with PHP for over
10 years and I was never aware of this bizarre behavior, either). I
don't
know the history
On Mon, May 7, 2012 at 12:28 AM, Arvids Godjuks wrote:
> Hello internals,
>
> I should voice my opinion that such things like comparing two strings
> starting with numbers and that they resolve to actual integer/float for
> comparation is bad, really bad. That just defies the logic and yealds
> ab
Hello internals,
I should voice my opinion that such things like comparing two strings
starting with numbers and that they resolve to actual integer/float for
comparation is bad, really bad. That just defies the logic and yealds
absolutly unexpected results. I pride myself that i know the juggling
On Sun, May 6, 2012 at 12:17 AM, Richard Lynch wrote:
>> What exactly valid points? == is a converting operator, === is a
>> strict
>> operator. OK, in his favorite language it is not. Where exactly the
>> valid point is? Author goes at great lengths to refuse to make even a
>> slight mental effor
On Tue, April 10, 2012 1:27 pm, Stas Malyshev wrote:
> Hi!
>
>> Scroll down a bit; he gets into valid points about the == operator,
>> for instance. It's not a useless post. He does cite too many things
>> that he has to follow up himself by saying "this was fixed in PHP
>> 5.x.y." If it was fixed,
On Apr 18, 2012, at 1:34 AM, Hartmut Holzgraefe wrote:
> On 04/10/2012 06:20 PM, Adir Kuhn wrote:
>> Hi folks,
>>
>> today I read this post, I think that some points are valid, follow the link
>> for
>> you guys
>
> as stuff like this comes up again and again (although not in as epic
> lenght
On 04/11/2012 05:19 PM, Luke Scott wrote:
> The only thing that infuriates me is the ternary operator being left
> associative. I want that fixed - screw bc on that one! I have been
> programming for 10 years and that one still confuses me! Most people
> just add parentheses to "fix" the problem.
On 04/10/2012 06:20 PM, Adir Kuhn wrote:
> Hi folks,
>
> today I read this post, I think that some points are valid, follow the link
> for
> you guys
as stuff like this comes up again and again (although not in as epic
lenght as this one) i've been thinking whether it might make sense to
have so
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Am 10.04.2012 20:28, schrieb Kris Craig:
> On Tue, Apr 10, 2012 at 11:12 AM, Ralf Lang
> wrote:
>
It always amuses me when PERL developers go on their little
soapboxes about how "real" programmers all think PHP is
stupid lol.
>
> It
On Wed, 2012-04-11 at 19:44 +0100, Lester Caine wrote:
> Anthony Ferrara wrote:
> > Even with PDO and older versions of MySQL, you could inject into
> > prepared statements quite easily (assuming charset settings):
> >
> > $var = '1' . chr(0xbf) . chr(0x27) . ' OR 1=1';
> >
> > $pdo = new PDO('mysq
Anthony Ferrara wrote:
Even with PDO and older versions of MySQL, you could inject into
prepared statements quite easily (assuming charset settings):
$var = '1' . chr(0xbf) . chr(0x27) . ' OR 1=1';
$pdo = new PDO('mysql:...');
$pdo->query('SET NAMES GBK');
$stmt = $pdo->prepare('SELECT * FROM f
Lester,
Even with PDO and older versions of MySQL, you could inject into
prepared statements quite easily (assuming charset settings):
$var = '1' . chr(0xbf) . chr(0x27) . ' OR 1=1';
$pdo = new PDO('mysql:...');
$pdo->query('SET NAMES GBK');
$stmt = $pdo->prepare('SELECT * FROM foo WHERE 2 = ?')
Ralph Schindler wrote:
Hey Lester,
That is almost archaic it's self ...
It should be replaced with a pointer to using parameters ( no we do not
need 'prepared statements', just parameters ). One of the first things I
implement on any code that I'm porting. Does away with any agro over
escaping
Hey Lester,
On 4/11/12 3:29 AM, Lester Caine wrote:
That is almost archaic it's self ...
It should be replaced with a pointer to using parameters ( no we do not
need 'prepared statements', just parameters ). One of the first things I
implement on any code that I'm porting. Does away with any ag
I do agree with a lot of what was being said. But what can you do?
These are mostly quirks of the language. You learn to live with them.
I don't make excuses for it. It is what it is.
The only thing that infuriates me is the ternary operator being left
associative. I want that fixed - screw bc on
Yasuo Ohgaki wrote:
Anyway,
http://www.php.net/manual/en/security.database.sql-injection.php
I've never read this page. This page must be improved...
That is almost archaic it's self ...
It should be replaced with a pointer to using parameters ( no we do not need
'prepared statements', just pa
Stopped reading after encountered "E_ACTUALLY_ALL", "for ($foo as &$bar)" -
these things required me to google or to refer to docs to ensure I was not
missing something. And, yes, I should have stopped after the words "don’t
tell me anything!". People who refuse to listen do not deserve to be heard
Hi,
It was fun to read. I understand he just don't like PHP.
His article may be good for novice users to understand how PHP will behave.
I guess he learned PHP a lot, but he lists framework feature as
missing. I wander why. He seems to like Python, but Python's multibyte
support was awful until r
On Tue, Apr 10, 2012 at 9:20 AM, Adir Kuhn wrote:
> Hi folks,
>
> today I read this post, I think that some points are valid, follow the link
> for
> you guys
"Ideally, don’t tell me anything!"
That's doable. No point trying to talk to a ranter.
-Ronabop
--
PHP Internals - PHP Runtime Develop
hi Tom,
On Tue, Apr 10, 2012 at 8:18 PM, Tom Boutell wrote:
> Scroll down a bit; he gets into valid points about the == operator,
> for instance. It's not a useless post. He does cite too many things
> that he has to follow up himself by saying "this was fixed in PHP
> 5.x.y." If it was fixed, w
Kris Craig wrote:
PERL is like the duct-tape
of scripting languages; it can be used for just about anything, though
there's almost always a more specialized solution. It serves a purpose.
Perhaps not the most ideal of comparisons ... The last thing you use 'duct-tape'
for is sealing ducts ...
On Tue, Apr 10, 2012 at 11:12 AM, Ralf Lang wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> > It always amuses me when PERL developers go on their little
> > soapboxes about how "real" programmers all think PHP is stupid
> > lol.
>
> It always amuses me PHP people think perl is stupi
Hi!
> Scroll down a bit; he gets into valid points about the == operator,
> for instance. It's not a useless post. He does cite too many things
> that he has to follow up himself by saying "this was fixed in PHP
> 5.x.y." If it was fixed, why is it on your laundry list still?
What exactly valid p
Scroll down a bit; he gets into valid points about the == operator,
for instance. It's not a useless post. He does cite too many things
that he has to follow up himself by saying "this was fixed in PHP
5.x.y." If it was fixed, why is it on your laundry list still?
On Tue, Apr 10, 2012 at 12:31 PM,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
> It always amuses me when PERL developers go on their little
> soapboxes about how "real" programmers all think PHP is stupid
> lol.
It always amuses me PHP people think perl is stupid and vice versa.
Both languages have their use case, sometimes I
On Tue, Apr 10, 2012 at 9:38 AM, Stas Malyshev wrote:
> Hi!
>
> > today I read this post, I think that some points are valid, follow the
> link for
> > you guys
> >
>
> Could you name a few and explain why you think they are valid and what
> you propose to do to fix them? This article is huge and
Hi!
> today I read this post, I think that some points are valid, follow the link
> for
> you guys
>
Could you name a few and explain why you think they are valid and what
you propose to do to fix them? This article is huge and if you want to
start a discussion that makes sense (as opposed to a
On Tue, 10 Apr 2012 17:20:41 +0100, Adir Kuhn wrote:
Hi folks,
today I read this post, I think that some points are valid, follow the
link for you guys
http://me.veekun.com/blog/2012/04/09/php-a-fractal-of-bad-design/
This is really long. I stopped reading in full when he complained abo
hi,
On Tue, Apr 10, 2012 at 6:20 PM, Adir Kuhn wrote:
> Hi folks,
>
> today I read this post, I think that some points are valid, follow the link
> for
> you guys
>
> http://me.veekun.com/blog/2012/04/09/php-a-fractal-of-bad-design/
Sorry but this list is not a SEO booster. Thanks for your und
41 matches
Mail list logo
