On 30 April 2015 at 02:17, Yasuo Ohgaki <yohg...@ohgaki.net> wrote:
> Current PHP: Search query failure.
> New PHP type hint: Fatal error because foreign key is out of PHP int range.

There may be some confusion; NikiC is still doing some work to tidy up the EngineExceptions. When that is finished, passing a variable of the wrong type will give a TypeException.

> If user are using type hints everywhere, it may be limited to attackers
> seeing fatal errors. If not, attacker can succeed system wide DoS attack by
> simple operation.

Passing in invalid primary keys should never result in a DoS attack...and I have no idea why you think it would be due to the presence or absence of scalar type hints.

Yasuo wrote:
> How many of us are expected that
> mydb_find_by_id(INT_MAX+1);
> Note: INT_MAX+1 is pseudo integer string value.

Well currently it isn't:

var_dump(PHP_INT_MAX + 1);
float(9.2233720368548E+18)

Yasuo wrote:
> How about have "numeric" type hint that accepts any format/class(GMP)
> of numeric values?
>
> The issue is that weak mode type hint is *not* weak at all. It forces to
> have machine native type rather than it's data form.

So what you're suggesting is adding a numeric type that acts like GMP and allow arbitrary precision arithmetic on values? Isn't that just GMP? Except you'd need to convert the variable to be 'numeric' before doing any operation on it, i.e. something like:

$x = (numeric)INT_MAX;
mydb_find_by_id($x+1);

Unless you're also suggesting replacing PHP's current maths operations...

cheers
Dan
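
An added example, not part of either poster's message: one way to keep an out-of-range key from turning into an unhandled error is to validate it where the request enters the application, with the int hint as a second line of defence. It assumes PHP 7.1 or later, where the exception discussed above shipped under the name TypeError; mydb_find_by_id() is a stand-in with constructed rows, and parse_id() and handle_lookup() are hypothetical helpers.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for the mydb_find_by_id() named in the thread.
// The int hint means an out-of-range value can never reach the query.
function mydb_find_by_id(int $id): ?array
{
    // Constructed sample rows standing in for a database table.
    $rows = [1 => ['id' => 1, 'name' => 'alice'], 42 => ['id' => 42, 'name' => 'bob']];
    return $rows[$id] ?? null;
}

// Validate a request-supplied key at the input boundary. FILTER_VALIDATE_INT
// returns false for anything that is not an integer within PHP's int range,
// so "9223372036854775808" is rejected instead of becoming a float.
function parse_id(string $raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Returns an HTTP-style status and body; a bad key is an ordinary 400 or 404.
function handle_lookup(string $raw): array
{
    $id = parse_id($raw);
    if ($id === null) {
        return [400, 'invalid id'];
    }
    $row = mydb_find_by_id($id);
    return $row === null ? [404, 'not found'] : [200, $row['name']];
}

// Constructed inputs: valid key, PHP_INT_MAX + 1 as a string, float notation, junk.
foreach (['42', '9223372036854775808', '9.2E+18', '1 OR 1=1', '7'] as $raw) {
    [$status, $body] = handle_lookup($raw);
    printf("%-22s => %d %s\n", $raw, $status, $body);
}

// Without boundary validation the hint still stops the value, as a catchable
// exception rather than a silent coercion.
try {
    mydb_find_by_id(PHP_INT_MAX + 1); // the sum is a float, not an int
} catch (TypeError $e) {
    echo "rejected by type hint: ", get_class($e), "\n";
}
```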