PHP RFC: In Operator


This RFC adds a new in operator which simplifies contains checks for strings and arrays. The in operator makes these checks way more readable and lowers the cognitive load. Additionally, it also works for Traversable.


Checking if a specific input in an allowed range of value is a very common check in web application, therefore this operator simplifies those checks (and besides makes them a little bit faster). Currently, we have to use in_array($needle, $haystack, true) or strpos($haystack, $needle) !== false. These functions have a inconsistent parameter order, so it's hard to remember which is the right one for each. Additionally, omitting the third parameter for in_array is very common which led to security vulnerabilities in the past.


Add a new operator (expr1) in (expr2). It checks whether expr2 contains expr1.

It uses strict comparison (===) for array values / instances of Traversable and doesn't search recursively.

$contains = "foo" in ["a", "b", "c"]; // false
$contains = "foo" in ["foo", "bar"]; // true
$contains = "foo" in [["foo"], ["bar"]]; // false
$contains = "0e0" in ["0"]; // false, because of strict comparison
$contains = 0 in ["0"]; // false, because of strict comparison
$contains = ["foo"] in [["foo"], ["bar"]]; // true
$contains = ["foo"] in ["foo"]; // false

Traversables are only iterated until there's a match.

function gen () {
    yield "foo";
    yield "bar";
    // code below here wouldn't be executed if "bar" matches
    // because it stops if there's a match.
$contains = "bar" in gen(); // true
$contains = "baz" in gen(); // false

If $haystack is a string, it's a simple contains check.

$contains = "foo" in "foobar"; // true
$contains = "php" in "foobar"; // false

Other expressions than mixed in array|Traversable or string in string throw an EngineException.

Why strict?

It's strict because otherwise something like “foo” in [0] would pass.


It should have the same precedence as instanceof, so it's possible to negate it:

if (!$input in $validValues) {
    // ...

Backward Incompatible Changes

New reserved keyword in. This affects function, constant and class, but not class constant and method names, because it depends on the context sensitive lexer being merged.

Proposed PHP Version(s)

Next major release, at the time of writing PHP 7.

RFC Impact

New Constants

A T_IN constant for use with ext/tokenizer has been added.

Future Scope

There could be a syntax that allows to check for multiple values at once, e.g.

$contains = ...["foo", "bar"] in ["foo", "baz", "bar"];


Requires a 2/3 majority. Even if it passes, it will only get merged if the context sensitive lexer gets merged.

Introduce the in operator?
Real name Yes No
aharvey (aharvey)  
ajf (ajf)  
ben (ben)  
bishop (bishop)  
brandon (brandon)  
bwoebi (bwoebi)  
Damien Tournoud (damz)  
danack (danack)  
duodraco (duodraco)  
eliw (eliw)  
fa (fa)  
fibbarth (fibbarth)  
galvao (galvao)  
indeyets (indeyets)  
irker (irker)  
jedibc (jedibc)  
jwage (jwage)  
kinncj (kinncj)  
klaussilveira (klaussilveira)  
leigh (leigh)  
lstrojny (lstrojny)  
mbeccati (mbeccati)  
mike (mike)  
mj (mj)  
ocramius (ocramius)  
patrickallaert (patrickallaert)  
pauloelr (pauloelr)  
philstu (philstu)  
pollita (pollita)  
ralphschindler (ralphschindler)  
ramsey (ramsey)  
rdohms (rdohms)  
rmf (rmf)  
salathe (salathe)  
santiagolizardo (santiagolizardo)  
sebastian (sebastian)  
seld (seld)  
stas (stas)  
stelianm (stelianm)  
subjective (subjective)  
theseer (theseer)  
till (till)  
timo (timo)  
wiesemann (wiesemann)  
yohgaki (yohgaki)  
yunosh (yunosh)  
zeev (zeev)  
Final result: 21 26
This poll has been closed.

Voting started on 2015-03-15 and ends on 2015-03-29.

Patches and Tests

Rejected Features

Keep this updated with features that were discussed on the mail lists.


  • v0.5: Removed integer support, so the strictness is consistent.
  • v0.4: Removed possibility to check multiple values using an array.
rfc/in_operator.txt · Last modified: 2017/09/22 13:28 by