I think the original goal of this RFC is to make PHP more expressive, and less clunky (look at Jav). This is a good goal and one much desired by the community, but I think the approach here isn't the right fit or way to achieve it
Writing code in strings is a DX nightmare, and static analysis challenge. PHP is improving onto a more verbose, typed, but exprsssive language, and this change would make that harder. I'm also thinking if this could become a LCE/RCE vulnerability in a type of eval() situation. Not a huge point but just an observation. Happy to re evaluate a new approach to solve the same problem that doesn't involve coding inside strings. On Fri, 18 Mar 2022, 14:09 Pierre, <pierre-...@processus.org> wrote: > Le 18/03/2022 à 15:02, Chase Peeler a écrit : > > On Fri, Mar 18, 2022 at 12:49 AM Theodore Brown <theodor...@outlook.com> > > wrote: > > > >> On Thu, Mar 17, 2022 at 5:40 PM Tobias Nyholm <tobias.nyh...@gmail.com> > >> wrote: > >> > >>> On Thu, 17 Mar 2022, 23:27 Ilija Tovilo, <tovilo.il...@gmail.com> > wrote: > >>> > >>>> Hi everyone > >>>> > >>>> I'd like to start discussion on a new RFC for arbitrary string > >>>> interpolation. > >>>> https://wiki.php.net/rfc/arbitrary_string_interpolation > >>>> > >>>> Let me know what you think. > >>> That is a cool idea. > >>> But I am not a big fan of having code in strings. > >>> Wouldn’t this open the door to all kinds of new attacks? > >> Do you have an example of a new kind of attack this would allow? > >> The proposal doesn't enable interpolation of strings coming from > >> a database or user input - it only applies to string literals > >> directly in PHP code. > >> > >> Personally I'm really looking forward to having this functionality. > >> Just a couple days ago I wanted to call a function in an interpolated > >> string, and it was really annoying to have to wrap the function in a > >> closure in order to use it. > >> > >> If this RFC is accepted I'd be able to replace code like this: > >> > >> $name = "Theodore Brown"; > >> $strlen = fn(string $string): int => strlen($string); > >> echo "{$name} has a length of {$strlen($name)}."; > >> > >> with > >> > >> $name = "Theodore Brown"; > >> echo "{$name} has a length of {$:strlen($name)}."; > >> > >> > > Out of curiosity, why not: > > $name = "Theodore Brown"; > > echo "{$name} has a length of ".strlen($name)."."; > > > > or even > > $name = "Theodore Brown"; > > $len = strlen($name); > > echo "{$name} has a length of {$len}."; > > I guess it's a matter of taste and convention. > > Sometime, it make sense and it's just easier to just use string > interpolation (for example with multiline templates). > > Regards, > > -- > > Pierre > > -- > PHP Internals - PHP Runtime Development Mailing List > To unsubscribe, visit: https://www.php.net/unsub.php > >
