Creating a strict data arg in a function

[eldan88]

Hey Guys. I am trying to create a strict data type within a function. (Boolean only) However when I pass a string it doesn't display any errors. Below is the fucntion I am using. Any help would be really appreciated

function outputAddress($resolve){

if(!is_bool($resolve)) {
die("outputAddress() requires a boolean argument");
}

 outputAddress("true"); // Doesn't display any error messages??

[eldan88]

nvm. I accedintly invoked the function inside the function!

[Jacques1]

Enforcing specific data types in PHP makes no sense and is, in a way, incorrect.

 

PHP is a weakly typed language, that is, the programmer is generally free to replace any value with an “equivalent” value. For example, PHP doesn't care if you use the integer 123 or the string "123". Both should always have the same effect. The same applies to the boolean true and all truthy values.You may or may not like this, and there are arguments for either type model, but this is how PHP works. It's how people expect it to work.

 

If you insist on getting an actual boolean, you break this fundamental principle and actively work against the language. This creates a lot of confusion and code clutter and simply isn't good programming. The only exception is security-related code.

 

May I ask why you even want this? What's the point of the check?

[eldan88]

You are 100% wrong. Because PHP is a loosly typed language it will allow other coders to pass in args with different  data types other which will breed bugs, and will be hard for me to scale. Please think before post something

[Jacques1]

Because PHP is a loosly typed language it will allow other coders to pass in args with different  data types other which will breed bugs, and will be hard for me to scale.

 

If you don't want weak typing, then don't use PHP. Trying to turn it into Eldan's Strongly Typed Scripting Language will not work out.

 

 

 

Please think before post something

 

Your threads seem to always follow the same pattern: You come up with some weird idea, scream at anybody who tries to turn that into proper PHP, mark your own answer as the best one and come back a few days later.

 

Yeah, well, that doesn't look like a terribly productive hobby.

[JackBlackFor]

Your threads seem to always follow the same pattern: You come up with some weird idea, scream at anybody who tries to turn that into proper PHP, mark your own answer as the best one and come back a few days later.

 

Yeah, well, that doesn't look like a terribly productive hobby.

Wait, isn't that what you are doing? All I ever see you productivially doing is insult people's codes and call them garbage. So let's ask you a question then. Why is forums.devshed.com's community dead? Wait.... It's because you've driven everyone out of it and now you're on phpfreak's site to insult more people.

 

Like they say, if you don't have anything nice to say, don't say it at all. I mean even if someone's code is ugly looking or horrible. The best thing you could say is "Hey, you might want to redo this part because you could potientally get injected."

 

Not what you've been doing and saying "oh, your code is garbage." "It's from the 1990's garbage code."

No wonder why all I ever see on forums.devshed.com is the same old people with 30 K + posts. No one with 20 post and lower ever stay on there.

 

I mean if you really want people to like you, you should really choose a better approach then insulting their codes. I'm seeing the same pattern in your insults as you are seeing in OT's threads.

 

All you ever do is talk about security security security. And when someone actually does do security like you always preach. You say "Oh no, that's not the approach I would do." Like really? Just like that other thread I saw you insult. They've got a super good idea about IP Blocking hackers and yet you say it's a bad idea. So you're backing down on what you preach. All you ever do on these forums is troll people. Why don't you just let others get a legitimate answer besides your troll answers? People really need help and if you just want to be an ass to them. Then you shouldn't be here. I'm getting tired of you because this isn't forums.devshed.com where you can vote people down so they can't make anymore threads. Stop insulting people and expect your community to grow. I'm tired of seeing this troll insult people's codes. It's funny because they're beginners. It shames me that there's actually someone with such an unprofessional approach such as Jacques1.

Edited May 24, 2014 by JackBlackFor

[Jacques1]

You've registered only to complain about me? How flattering.

 

You seem to have a lot of false impressions, though. If you honestly want to talk about my posts or the problems of DevShed, send me a private message.

[eldan88]

Thank you very much blackfor ..well said.

 

For your information. "Eldan's Strongly Typed Scripting Language" is actually called type hinting, so why don't go do some reading before coming back to this forum.

 

"Enforcing specific data types in PHP makes no sense and is, in a way, incorrect" is the most dumbest sh**t I have ever heard someone say in this forum.

Here let me  teach you a thing or two.

http://www.copterlabs.com/blog/strict-vs-loose-comparisons-in-php/

 

And that "pattern" of my scream at anybody... is only with you. Because unlike you, other members of this forum come  with smart and helpful answers

Edited May 25, 2014 by eldan88

[.josh]

Enforcing specific data types in PHP makes no sense and is, in a way, incorrect.

 

PHP is a weakly typed language, that is, the programmer is generally free to replace any value with an “equivalent” value. For example, PHP doesn't care if you use the integer 123 or the string "123". Both should always have the same effect. The same applies to the boolean true and all truthy values.You may or may not like this, and there are arguments for either type model, but this is how PHP works. It's how people expect it to work.

 

If you insist on getting an actual boolean, you break this fundamental principle and actively work against the language. This creates a lot of confusion and code clutter and simply isn't good programming. The only exception is security-related code.

 

May I ask why you even want this? What's the point of the check?

Create confusion out of expecting something more explicit? Are you serious? There is already confusion. The confusion is already there because of the language being loosely typed. Since you always argue about security, you should be arguing for this, not against it. When a person fills out a form, you expect them to fill certain things out in certain formats. Unless it is arbitrary data, you enforce those formats. And even then, you still sanitize them to a non-dangerous format.

 

When you write a function, you write it to expect arguments. And you expect certain formats. And you throw exceptions or otherwise reject it if you don't. You expect this and you enforce it. Enforcing variable type is no different in principle. Sure, you make it "easier" on the person using your function to not have to worry about having to explicitly say "hey this is an integer" vs. "hey this is a string" but compare that to the work you have to do as the function writer to ensure that what you do with that "maybe string maybe integer" doesn't break your code. The irony of all this is if php were a strongly typed language, it would allow overloading which is more or less what you're already having to code for when you try to deal with an argument passed as different types.

 

 

Loose typing only goes so far, and php itself fails at it for most of its own functions. You write a function that expects an array but then you have to write some logic in case someone passes a string since they only want to pass one array element. Can php automatically handle this? No! Many of php's built-in functions will do this internally, but many don't. Good luck figuring out which ones do and which ones don't. String-to-Array not a good example? How about failure to accept an integer instead of string. Go ahead and try if (ctype_digit(123)) see what happens.

 

I am not wholesale saying loose typing is a bad thing, but in a world where code is shared and plugged into other code made by untold number of coders.. loose typing's philosophy of "just gimme whatever and i'll deal" doesn't help things. It hurts things. Standing up and saying "Hey you know what, this is what I expect you to give me" doesn't cause more confusion. It causes less confusion because there already is confusion because of it being loosely typed.

 

There are many people, including some of the @php.net people directly in charge of advancing the language itself, who believe that php being loosely typed is its Achilles's heel. The single biggest benefit of loose typing is it allows for more rapid development of code. However, a lot of people feel it's one of the reasons php attracts noob programmers and why there is a lot of shit code produced by shit programmers out there. Which is exactly what you are always bitching about, so I find it odd that you are arguing for it.

[eldan88]

@.josh Very well said. I totally agree with what you just said.

[Jacques1]

Please make sure you understand the other position before you start arguing against it. Two guys angrily yelling at a straw man looks rather silly.

 

Let's take a deep breath and turn this little bashing into an actual discussion.

 

So you absolutely hate the type system of PHP and can't deal with it? Cool. Pick another language. If you want to explicitly declare the types of variables, you may like Java. If you also want to prevent implicit conversions, you'll have to look into languages like Ada or Eiffel. Both have very strict type systems and will not let you do anything unexpected.

 

Personally, I'm not a big fan of PHP either, which is why I use Ruby most of the time. You're preaching to the choir.

 

But if you choose a language with an extremely weak type system and then start whining about weak typing, then that's, well, not very intelligent. It's like choosing Java only to complain about OOP.

 

Working against a language and trying to turn it into something different is a bad idea. You can clutter your PHP code with tons of manual type checks, but even then it will still be a weakly typed language. All core functions will still accept different types. So you basically end up with a mixture of both approaches: Your own functions use a kind of makeshift static typing, whereas the rest of PHP sticks to the classical weak system. I think that's the worst solution of all.

 

Of course you could rewrite the PHP type system itself, and this has actually been done a couple of times. That might be an option. But then again: If you dislike one of the core features of PHP, then why use PHP in the first place? Other languages have had strong typing from the very beginning and do it much better than any PHP hack.

 

I hope that clears it up. No, I'm not against strong typing. To the contrary. But if you want strong typing, PHP isn't really the best choice.

 

 

 

Since you always argue about security, you should be arguing for this, not against it. When a person fills out a form, you expect them to fill certain things out in certain formats. Unless it is arbitrary data, you enforce those formats. And even then, you still sanitize them to a non-dangerous format.

 

Security has very little to do with enforcing certain formats. The point is that the input is treated correctly.

 

For example, if an application is vulnerable to SQL injections, it makes little sense to blame the user for sending us a bunch of characters instead of a number or whatever we expected. This is all just harmless data. It's our fault that the application takes this harmless data and suddenly treats it as an actual SQL query. In other words, it's an interpretation problem, not an input problem.

 

In fact, mistaking data validation for a security feature can end up in a disaster. For example, a perfectly valid e-mail address may very well be used for an SQL injection or cross-site scripting. And a perfectly valid image can contain JavaScript code. And who says that a number is harmless in every context? Validation doesn't help you with this at all. The point is that the e-mail address is actually treated as an e-mail address, regardless of whether or not it's valid.

 

Formal validation is a problem of usability and data correctness, not security – leaving aside a few exceptions.

 

And for that matter, no, I don't think strong typing would suddenly increase the security of PHP applications. We'd still see SQL injections and cross-site scripting and whatnot. Maybe even more, because people might think that type safety magically solves all their security problems.

[eldan88]

Look at what you are saying right now. Your post makes zero sense.

 

 You are comparing apples to oranges. No one here is talking about Java or Ruby. 

 

We are clearly not whining about PHP loose typing structure.  .josh clearly stated "I am not wholesale saying loose typing is a bad thing"

 

We are just proving you wrong on your stupid remark you made about "Enforcing specific data types in PHP makes no sense and is, in a way, incorrect."

 

If you are not a big fan of PHP then why are you even here? Oh i think I know why... just start arguments with other people