rfc:null_coercion_consistency
Differences
This shows you the differences between two versions of the page.
rfc:null_coercion_consistency [2022/04/11 16:35] – craigfrancis | rfc:null_coercion_consistency [2022/04/15 07:34] – craigfrancis | ||
---|---|---|---|
Line 23: | Line 23: | ||
There was a [[https:// | There was a [[https:// | ||
+ | |||
+ | The general direction of [[https:// | ||
+ | |||
+ | <code php> | ||
+ | $search = filter_input(INPUT_GET, | ||
+ | |||
+ | echo ' | ||
+ | </ | ||
===== Problem ===== | ===== Problem ===== | ||
Line 123: | Line 131: | ||
</ | </ | ||
- | Examples where NULL has previously been fine for scripts not using // | + | Examples, often working with user input, |
<code php> | <code php> | ||
Line 147: | Line 155: | ||
</ | </ | ||
- | And developers have used //NULL// to skip certain parameters, e.g. | + | And developers have used NULL to skip certain parameters, e.g. |
<code php> | <code php> | ||
setcookie(' | setcookie(' | ||
+ | |||
+ | substr($string, | ||
mail(' | mail(' | ||
Line 163: | Line 173: | ||
The only realistic way for developers to find when NULL is passed to these internal functions is to use the deprecation notices (not ideal). | The only realistic way for developers to find when NULL is passed to these internal functions is to use the deprecation notices (not ideal). | ||
- | It is possible to use very strict Static Analysis, to follow every variable from source to sink (to check if a variable could be //NULL//), but most developers are not in a position to do this (i.e. not using static analysis, or not at a high enough level, or they are using a baseline to ignore). | + | It is possible to use very strict Static Analysis, to follow every variable from source to sink (to check if a variable could be NULL), but most developers are not in a position to do this (i.e. not using static analysis, or not at a high enough level, or they are using a baseline to ignore). |
In the last JetBrains developer survey, where 67% regularly used Laravel, **only 33% used Static Analysis** ([[https:// | In the last JetBrains developer survey, where 67% regularly used Laravel, **only 33% used Static Analysis** ([[https:// | ||
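Review bot: in the reworded sentence beginning "It is possible to use very strict Static Analysis", the parenthetical still ends "or they are using a baseline to ignore" without saying what is ignored, and it mixes "Static Analysis" with "static analysis". Since the line is being touched anyway, finish that clause (for example by naming what the baseline ignores) and settle on one capitalisation.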
Line 323: | Line 333: | ||
" | " | ||
+ | |||
+ | " | ||
===== Future Scope ===== | ===== Future Scope ===== | ||
Line 345: | Line 357: | ||
===== Rejected Features ===== | ===== Rejected Features ===== | ||
- | Did consider updating | + | - Updating |
===== Notes ===== | ===== Notes ===== |
rfc/null_coercion_consistency.txt · Last modified: 2023/10/18 11:57 by craigfrancis