On 2026-06-18 21:59, Sjoerd Langkemper wrote:
Hello,
Should base_convert raise a notice or warning when it cannot convert a
number precisely? On one hand, silent conversion to floating point is
just fact of life for PHP. But I would argue that in this case it is
unexpected because both the input and output are strings. The loss of
precision is documented in the manual, but it is not obvious from the
result, and it has clear security impact. What do you think?
Alternatively, could the base conversion be made via bcmath to retain
all the digits instead? Then not only will the "nicely random" string
remain nicely random, but the warning in the manual could be removed as
well.