Phpinspectionsea: Verify types with null-coalescing operator on $_POST

Created on 9 May 2019 · 10Comments · Source: kalessil/phpinspectionsea

Current behaviour

Enabled inspection "Proper null-coalescing operator usage" with enabled checkbox "Verify complimentary operand types".

Code
$a = $_POST['a'] ?? false;
generates warning according to this inspection:

Expected behaviour

I think that for variables like $_POST/$_GET/$_REQUEST/... you should not check types. Because you cannot make any predictions about types of this variables.

Environment details

PhpStorm 2019.1.1
Build #PS-191.6707.66, built on April 17, 2019
JRE: 1.8.0_202-release-1483-b44 amd64
JVM: OpenJDK 64-Bit Server VM by JetBrains s.r.o
Windows 7 6.1

question

Source

drewblin

All 10 comments

in some of the inspections description, a link to a documentation can be found. but for "Proper null-coalescing operator usage" there is no link. Is there any information about his?

Because the warning also displays for:

$serverName = (string) ($_SERVER['SERVER_NAME'] ?? '');

I added the type cast to be sure it will be a string in the end. So there should be no warning, even if the type of $_SERVER['SERVER_NAME'] could sometimes be an array or something else.

Zutatensuppe on 9 May 2019

@Zutatensuppe: currently there is no documentation available, sorry. Also $_SERVER['SERVER_NAME'] ?? '' should not be reported, I'll check.

kalessil on 9 May 2019

@drewblin: I'd discourage using false values in this context and use default values instead, so the strictly typed code complexity is not increasing.
If the false-fallback generally used in the project, most probably the check-box needs to be un-checked.

kalessil on 9 May 2019

@kalessil Maybe for false-fallback you are right. But this code also generate warning:
$a = $_POST['a'] ?? 0;
And surround 0 in quotes only for skip warning isn't a good idea.

drewblin on 11 May 2019

@kalessil Maybe for false-fallback you are right. But this code also generate warning:
$a = $_POST['a'] ?? 0;
And surround 0 in quotes only for skip warning isn't a good idea.

why not

$a = (int)$_POST['a'] ?? 0;

$a = (bool)$_POST['a'] ?? false;

By nature, HTTP can only transmit strings (or arrays of strings). If you have to change types, you should do it as close to the source of data as possible. By casting the return of $_POST, you make sure that $a will contain the wanted type and the warning will be gone:
https://3v4l.org/JiPcR

orklah on 11 May 2019

👍1

@orklah As for me, main idea for operator ?? in this context is to assign default value if $_POST index does not exist. All your examples are written for existent index.
If index does not exist you will get php warning it this code:
$a = (int)$_POST['a'] ?? 0;

Right example will be:
$a = (int)($_POST['a'] ?? 0)

But this still generates inspection warning.
So i need to write:
$a = (int)($_POST['a'] ?? '0')

It looks not fine.

And in general, i don't want to use type casting. Later code, where i use $a will check/cast/convert it. So i just want to assign default value to $a. I know that $a should be integer, i expect integer. So default value like empty string is not good - i want show nature of variable. As of php is dynamic type language it is no mater for me $a === '0' or $a === 0.

That's a reason for creating issue.

drewblin on 11 May 2019

Oh! I see. Didn't thought about the PHP Warning.

Guess that makes sense then. When the goal is to assign a default value from an array that could be missing, there is just no "clean" code that would satisfy the inspection.

orklah on 11 May 2019

👍1

@Zutatensuppe : checked, '$_SERVER['SERVER_NAME'] ?? ''' is not getting reported with latest plugin version.

kalessil on 2 Sep 2019

@drewblin: the inspection has "Verify complimentary operands types" which should disable this behavior.

kalessil on 2 Sep 2019

I'd like to keep this behaviour for now, until we start getting similar tickets.

kalessil on 2 Sep 2019

Was this page helpful?

0 / 5 - 0 ratings