I think something that deals with system commands should be highly obvious
and should not be allowed through shortcut syntax that makes it easy for it
to be hidden amongst code, for many security reasons.

There's already a popular way without hidden syntax, which speaks for
itself in a verifiable way, called "exec". I'm not saying we should have it
removed just because it isn't obviously popular or it doesn't affect
anything for now; my argument is that, since we are moving to version 8 of
PHP, it should be deprecated for exec usage, since they both do the same
thing and exec is highly obvious as a command function.

This isn't a high-cost breaking change because it has a verifiable, ready
alternative to upgrade to without huge regex searches.

Thanks,
Samson.

On Sat, Oct 5, 2019, 9:26 PM Andreas Hennings <andr...@dqxtech.net> wrote:

> The first time I saw the backtick operator in code, I thought it must
> be some kind of ancient alternative syntax for string literals.
> (and no, I did not know that these are called "backticks")
>
> When I learned that code "quoted" in this way is immediately executed
> as shell commands, this seemed like a completely insane and reckless
> language design.
>
> In most projects, executing shell commands should be something rare,
> and the few cases where it happens should be visible and searchable.
>
> Perhaps a legitimate use case would be a file that is essentially a
> shell script with some PHP sprinkled in.
>
> But overall I think we should rather get rid of this feature.
>
>
> On Sat, 5 Oct 2019 at 22:02, Lynn <kja...@gmail.com> wrote:
> >
> > > Hi!
> > >
> > > > This is true, if you know they are called a backtick. It's not a
> > >
> > > I think it's reasonable to expect some minimal level of knowledge from
> > > the user. We're not targeting infants in the kindergarten here. So while
> > > we aim to not present too many obstacles to the novice user, we can
> > > reasonably expect from them at least basic middle-school level knowledge
> > > and abilities - and occasional read of the documentation never killed
> > > anybody either.
> > >
> >
> > Hi,
> >
> > I didn't know the name of this character until several years after I
> > started PHP, and I only found out because a colleague pointed it out to me.
> > I don't think it's a good idea to assume people know the name of this
> > operator or know how to find it easily. Googling is a skill on its own
> > that not everyone masters, as much as I'd like to see this in our field. I
> > also don't see how school knowledge is important here, especially as I went
> > to school and I did not learn about it there. Besides this, there are
> > also keyboard( layout)s that don't have a backtick character present.
> >
> > Regards,
> > Lynn van der Berg
>
> --
> PHP Internals - PHP Runtime Development Mailing List
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
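
An added example, not part of any message in this thread: a PHP audit script that uses the built-in tokenizer to list the places where a source string runs a shell command, the backtick operator included (the PHP manual documents that operator as identical to shell_exec()). The names find_shell_calls and SHELL_FUNCS, the function list and the sample source are constructed for illustration.

```php
<?php
// Added example: locate shell-execution sites in PHP source via the tokenizer.
// SHELL_FUNCS and find_shell_calls() are illustrative names, not a PHP API.
const SHELL_FUNCS = ['exec', 'shell_exec', 'system', 'passthru', 'popen', 'proc_open'];

function find_shell_calls(string $source): array
{
    $tokens = token_get_all($source);
    $hits = [];
    $line = 1;            // tracked by hand: one-character tokens carry no line info
    $inBacktick = false;
    $prev = '';           // text of the previous non-whitespace token
    foreach ($tokens as $i => $tok) {
        $text = is_array($tok) ? $tok[1] : $tok;
        $name = is_array($tok) ? token_name($tok[0]) : '';
        if ($tok === '`') {
            // A bare "`" token is the operator; backticks inside strings or
            // comments stay inside those tokens and never reach this branch.
            if (!$inBacktick) $hits[] = ['line' => $line, 'kind' => 'backtick'];
            $inBacktick = !$inBacktick;
        } elseif (!$inBacktick && in_array($name, ['T_STRING', 'T_NAME_FULLY_QUALIFIED'], true)) {
            $func = strtolower(ltrim($text, '\\'));
            // Skip methods and declarations such as $pdo->exec() or function exec().
            $isPlainCall = !in_array(strtolower($prev), ['->', '?->', '::', 'function'], true);
            $next = $tokens[$i + 1] ?? null;
            if (is_array($next) && $next[0] === T_WHITESPACE) {
                $next = $tokens[$i + 2] ?? null;
            }
            if ($isPlainCall && $next === '(' && in_array($func, SHELL_FUNCS, true)) {
                $hits[] = ['line' => $line, 'kind' => $func];
            }
        }
        if ($name !== 'T_WHITESPACE') $prev = $text;
        $line += substr_count($text, "\n");
    }
    return $hits;
}
// Constructed sample input.
$sample = <<<'PHP'
<?php
$note = "a ` inside a string is not an operator";
$files = `ls -la`;
$pdo->exec('DELETE FROM t');
exec('uptime', $out);
PHP;
foreach (find_shell_calls($sample) as $hit) {
    printf("line %d: %s\n", $hit['line'], $hit['kind']);
}
```

Because the tokenizer separates operators from string and comment contents, the backtick inside the double-quoted string and the `$pdo->exec()` method call are not reported.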
