On 22-Oct-06, at 5:48 PM, Lukas Kahwe Smith wrote:
Derick Rethans wrote:
On Sun, 22 Oct 2006, Richard Quadling wrote:
With the recent discussion on E_STRICT and the waste of cpu
cycles ...
Why is mktime(0, 0, 0, 0, 0, 0) generating E_STRICT?
What is unstrict about this?
Why is important to use time() instead?
It's quicker.
as I just said on IRC:
i think an e_strict in that place is wrong .. for example the
parameters could have been user supplied and you simply check that
the parameters are integers
That is a weak argument, validation is not just "is the data type
correct or not" it should also perform content checks. Not
understanding of this basic practice is probably why there are so
many insecure PHP applications out-there.
if e_strict is our way of telling users about back practices, we
should really have a consensus on this list about what constitutes
a bad practice.
You are working under the assumption that mktime(0) and alike will
continue working in future versions, that may not end up being the case.
Ilia Alshanetsky
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
