On 2022-01-13 John Lange wrote:
As a former professional PHP programmer and current hobbyist programmer (not in PHP though), I agree with Trevor. (disclaimer: I did not go back and re-read all the PHP threads on this topic).
Thanks John! I also agree with everything you said. (Sorry for the delayed response!)
function Foo { while ( $i < 5 ) if (!$i++) {} // ... (a whole bunch more lines of code go here) ..
while ( $i < 5 ) // inadvertently using the same variable because $i is your favorite 'counter' and you forgot you already used it if (!$i++) { } // This line never runs }
Good example, but the funny part is, even this bug would not be addressed by the new PHP initialization rules! The PHP change requires only this:
function Foo { $i=0; # <<<<<<<<<<<<<<<<<--------------------- while ( $i < 5 ) if (!$i++) {} // ... (a whole bunch more lines of code go here) ..
while ( $i < 5 ) // inadvertently using the same variable because $i if (!$i++) { } // This line never runs }
Which doesn't help this bug at all. Of course, no language can ever tell you you probably meant to add a second $i=0, thus proving my point that you can only hand-hold so much. The programmer has to be expected to be at a certain level of competency.
My other main point I made earlier, as it applies to your example is I can't envision a way that such a bug could be a security hole: not without coming up with a ridiculously contrived example. That's why when the VOTE YES side says "robustness" & "safety", I'm dubious.
But never the less the point is I agree that PHP should not have broken backward compatibility. By doing so it will force many sites to remain on PHP 7.x thereby opening up the very real possibility that a 7.x security vulnerability will get exploited and cause mass-grief (log4j anyone?).
That's a great point. I've already talked with some people who said their solution would probably be stick with 7 as long as possible, even past EOL date.