• (cs) in reply to CoffeeJedi
    CoffeeJedi:
    I suspect a TV character, though the only reference I can find is to a (male) bisexual drug addict in a British drama series of the mid-90s. This seems to me to be an unlikely reference-point.

    Any ideas, pop-pickers?

    Gabrielle was Xena: Warrior Princess's "sidekick" on the popular Saturday afternoon cheese-fest.

    Well, yeah; that was my first thought (being a huge fan of Xena. Only for the Ancient Greek subtitles, of course). But it's spelled wrong, innit? Or, rather, it's spelled correctly.

    Still, we are talking about Americans here, so you're probably right.

    BTW, I apologise for inadvertently suggesting that a pre-teen would have to be precocious to work with PHP. Such a pre-teen would, obviously, have to be either brain-damaged or else led astray by a smelly old man in a dirty raincoat.

  • (cs) in reply to zip
    zip:
    I was thinking of Gabrielle Reece.

    http://en.wikipedia.org/wiki/Gabrielle_Reece

    I was wondering if someone would mention this. First Gabrielle that came to my mind!

    Anyway, this article should have been delayed a week... cabbage goes with St. Patrick's Day!

  • dkf (unregistered) in reply to mathew
    mathew:
    Maybe I should choose "Cabbage".
    For true WTF-iness, you should have chosen "Brillant!"
  • Gedoon (unregistered)

    The legendary "The Real WTF" is that Gabriel didn't understand why cabbage was needed and why it was a wtf. It takes an idiot to write the code, and a moderate programmer to point out the wtf, but it should also be obvious just why it is a wtf. This just shows how poor an understanding of loose typing and strict comparison PHP programmers have in general.

    It amazes me that a number of people are confused with strpos when it says right in the manual why strpos is returning zero and that it may also return false and how to use !== false. Then we have these people concatenating cabbages to strings and other dumbbells thinking it's funny but they don't quite know why. Read The Freaking Manual, dimwits!!!

  • Paddington Bear (unregistered)

    Surely a more sophisticated solution would be to have a database of assorted vegetables, and maybe some fruit.

    Then the code could select a vegetable randomly from the database. Or it could have a veg of the day for each day of the week... stop me someone!

    Captcha: howdy is my name. IS_HOWDY is my test.

  • Nodren (unregistered)

    PHP isn't so bad. While there are shining examples of how not to code PHP (see the SourceForge project osCommerce), there are also a lot of well-coded web apps that use PHP. It's just a matter of having a coder who understands that having register_globals turned on is a BAD thing.

  • (cs) in reply to dunno
    dunno:
    ComaVN:
    A language where you need to use constructs like boolean_expression !== false in a conditional statement?
    ... Except strpos() isn't a boolean expression. It returns an integer giving the position of the needle in the haystack string - so if the needle is at the beginning, it returns zero.

    It also returns a boolean false if it can't find the needle at all.

    It can be used as a boolean expression: just look at wtf code. That makes it a boolean expression in my book, but then again, I'm a big fan of duck-typing.

  • Reed (unregistered) in reply to Alan
    Alan:
    The funny thing is people do that sort of thing all the time in shell scripting:
    if test x$HAVE_AVCODEC = xfalse; then
    

    That's because shell scripting isn't evaluated like a real language. It just expands variables, then evaluates the command. So if $HAVE_AVCODEC is actually empty, then the command expands to

    if test x = xfalse; then
     ...
    

    instead of

    if test = false; then
     ...
    

    which is invalid syntax for 'test' and the script will abort.

  • (cs) in reply to Paul
    Paul:
    if ( ( !isset($_SESSION["IS_ADMIM"] ) ) ||
    ($_SESSION["IS_ADMIM"] == 0 ) )
    IS_ADMIM. Nice.

    It's for security purposes.

    dunno:
    ComaVN:
    A language where you need to use constructs like boolean_expression !== false in a conditional statement?
    ... Except strpos() isn't a boolean expression. It returns an integer giving the position of the needle in the haystack string - so if the needle is at the beginning, it returns zero.

    It also returns a boolean false if it can't find the needle at all.

    Perhaps I can paraphrase ComaVN. A function that returns two values with entirely different meanings that can only be distinguished by using ===, which hence requires you to do an explicit comparison against a boolean literal in a condition? There's your WTF. (So I guess it's a little different than what Coma said as I blame the library design rather than the language.)

    (At least IMO.)

  • cargo master (unregistered) in reply to Alan
    Alan:
    The funny thing is people do that sort of thing all the time in shell scripting:
    if test x$HAVE_AVCODEC = xfalse; then
    

    That whole 'x' idiom dates from a time when there was a system with a 'sh' that would treat even an empty double-quoted string ("") as not an argument. Thankfully, things have gotten better since then, and AFAIK that system is long dead.

    Unfortunately, many people who do it Don't Understand, and are simply trying to appease the gods of shell programming.

    (Of course, that's also not defensive shell programming: what if HAVE_AVCODEC contained multiple words?)

    Somewhat related, one of my first UNIX WTFs (long long ago 8-) was finding out that when you use:

    if [ "something" = "$something" ]; then
    

    "[" is actually a symlink to 'test'.

  • Anonymous (unregistered)

    The real WTF is using three hyphens --- to equal one dash —.

    alt+0151

  • Gedoon (unregistered) in reply to EvanED
    EvanED:
    Paul:
    if ( ( !isset($_SESSION["IS_ADMIM"] ) ) ||
    ($_SESSION["IS_ADMIM"] == 0 ) )
    IS_ADMIM. Nice.

    It's for security purposes.

    dunno:
    ComaVN:
    A language where you need to use constructs like boolean_expression !== false in a conditional statement?
    ... Except strpos() isn't a boolean expression. It returns an integer giving the position of the needle in the haystack string - so if the needle is at the beginning, it returns zero.

    It also returns a boolean false if it can't find the needle at all.

    Perhaps I can paraphrase ComaVN. A function that returns two values with entirely different meanings that can only be distinguished by using ===, which hence requires you to do an explicit comparison against a boolean literal in a condition? There's your WTF. (So I guess it's a little different than what Coma said as I blame the library design rather than the language.)

    (At least IMO.)

    The language itself is loose-typed and a programmer should know this when working with it. strpos is perfect for not one but two uses: it can detect the position of a string within a string, if you want to do something for the string in that position, on the other hand it can be used just to detect if the string is in the other string at all. If the function would return -1 indicating that string was not found, this would still be a completely different meaning than the start-position of a string.

    Tell me, what should the function return, when the function checks the place where a string begins, and the string is not found? It can't return 0, 'cos that's not where the string is found. Should it throw an exception "string not found"? There most certainly are cases when a string is not found from string and the function needs to return some sort of answer for those cases and the programmer needs to be aware of this. I don't care if it's false, 'cabbage', FILE_NOT_FOUND or -1, the fact remains that it still returns two different kinds of answer: position of found string or some indication that the string was not found at all.

    The very nature of this function is ambiguous: it will always return two different kinds of answers: one for when the string is found and another when it is not found. The person who writes the code should check the function reference for the two cases and write the code accordingly.

  • (cs) in reply to George Nacht
    George Nacht:
    Maybe I am completely wrong here, and it's also not important, but which nation considers "Gabriel" a girl's name?
    Xena's
  • pfarrell (unregistered) in reply to vt_mruhlin
    vt_mruhlin:
    CheckRightsOnTheCurrentPage

    I hate needlessly long function names.

    Me too, check this one from dotnet 2.0 out

  • (cs) in reply to pfarrell

    Rahhhh, he said the forbidden name!

  • Jno (unregistered) in reply to ComaVN
    ComaVN:
    dunno:
    ComaVN:
    A language where you need to use constructs like boolean_expression !== false in a conditional statement?
    ... Except strpos() isn't a boolean expression. It returns an integer giving the position of the needle in the haystack string - so if the needle is at the beginning, it returns zero.

    It also returns a boolean false if it can't find the needle at all.

    It can be used as a boolean expression: just look at wtf code. That makes it a boolean expression in my book, but then again, I'm a big fan of duck-typing.

    No quack?

  • (cs) in reply to Nodren
    Nodren:
    its just a matter of having a coder who understands that having register globals turned on is a BAD thing.

    The 'coder' should be initializing their variables and using the superglobal arrays. If they do this then the "register globals" directive will have no effect on their scripts.

    In any case, this directive has apparently been removed from PHP 6.0.0.

    I think functions should have a defined return type even in dynamically-typed languages. If not explicitly by the language construct then by the language designers and developers as a good programming practice.

    It's generally true that in order to process a function's return value you need to know what type of value it is. It would save the programmer a check if the designers of PHP, and other dynamically typed languages, would design the language in this way.

    No functions come to mind that need to return different types... Anybody have an example of this?

  • (cs) in reply to real_aardvark
    real_aardvark:

    Well, yeah; that was my first thought (being a huge fan of Xena. Only for the Ancient Greek subtitles, of course). But it's spelled wrong, innit? Or, rather, it's spelled correctly.

    Not to defend Americans (being one, and therefore having sufficient firsthand knowledge of the culture), I find that Gabriel and Gabrielle are completely different names. Gabriel (pronounced Gay-bree-uhl), name of an angel, typically a man's name. Gabrielle (pronounced Gab-ree-el), a feminization of Gabriel.

  • riaa (unregistered) in reply to Paul
    Paul:
    if ( ( !isset($_SESSION["IS_ADMIM"] ) ) ||
    ($_SESSION["IS_ADMIM"] == 0 ) )
    IS_ADMIM. Nice.
    When I read this, I could hear Borat speaking it.
  • Island Usurper (unregistered)

    For all of PHP's weirdness, strpos() really can't return -1 for "String not found." That's because -1 is a valid character position in a string, and false is not.

    However, anybody who writes a strpos function to return both positive and negative indexes should be shot.

  • (cs) in reply to shadowman
    shadowman:
    I was wondering what an ADMIM was. That's just asking for trouble, no?

    Actually that's a high-security system. They obfuscate ADMIN so they are going to be a less likely target for all those cool hacks...

  • (cs)

    I've seen stranger strings before...

  • (cs) in reply to vertagano
    vertagano:
    real_aardvark:

    Well, yeah; that was my first thought (being a huge fan of Xena. Only for the Ancient Greek subtitles, of course). But it's spelled wrong, innit? Or, rather, it's spelled correctly.

    Not to defend Americans (being one, and therefore having sufficient firsthand knowledge of the culture), I find that Gabriel and Gabrielle are completely different names. Gabriel (prounounced Gay-bree-uhl), name of an angel, typically a man's name. Gabrielle (prounounced Gab-ree-el), a feminization of Gabriel.

    Yep. In Spanish, the feminization of Gabriel is Gabriela. Gabriel==male is pretty much universal.

    That said ... that's some security ...

  • (cs) in reply to Gedoon
    Gedoon:
    strpos is perfect for not one but two uses: it can detect the position of a string within a string, if you want to do something for the string in that position, on the other hand it can be used just to detect if the string is in the other string at all.

    I agree that it works and it's useful in some instances, but I think a find() function is also useful in that it is more clear to the programmer that you don't care where the substring is so long as it is in the searched string. Unfortunately, a quick scan of the PHP string functions does not reveal such a function. Is there no 'find' function in PHP?

    It might also be a faster process (though not by much) because the position doesn't need to be tracked. It's definitely a lot easier to read.

    Gedoon:
    The very nature of this function is ambiguous: it will always return two different kinds of answers: one for when the string is found and another when it is not found. The person who writes the code should check the function reference for the two cases and write the code accordingly.

    It's not returning two different kinds of answers. It's returning one of two answers: the "address" or "index" of the start of the substring; or simply "the substring was not found".

    The problem with PHP's strpos() function (and arguably dynamic-typing in general) is that it represents these answers in two different data types - in this case either an integer or a boolean. Since data types are handled differently in any programming language with data types, it is necessary to write your code with this in mind: often requiring special consideration in processing.

    If PHP's strpos() function simply returned -1 when the substring was not found (an [unsigned] integer, the same type as the index is returned in and as far as I can tell not a valid index for the substring to be located at) then processing of the return value would be simple, as I illustrated in an earlier post.

    Island Usurper:
    For all of PHP's weirdness, strpos() really can't return -1 for "String not found." That's because -1 is a valid character position in a string, and false is not.

    However, anybody who writes a strpos function to return both positive and negative indexes should be shot.

    Are you sure a negative index is a valid character position in a string? I'm not doubting you, but the strpos() manual page doesn't seem to mention negative return values.

    If negative indexes are legal what does a negative index mean?

  • (cs) in reply to Gedoon
    Gedoon:
    The language itself is loose-typed and a programmer should know this when working with it. strpos is perfect for not one but two uses: it can detect the position of a string within a string, if you want to do something for the string in that position, on the other hand it can be used just to detect if the string is in the other string at all. If the function would return -1 indicating that string was not found, this would still be a completely different meaning than the start-position of a string.

    Tell me, what should the function return, when the function checks the place where a string begins, and the string is not found? It can't return 0, cos that's not where the string is found. SHould it throw an exception "string not found"? there most certainly are cases when a string is not found from string and the function needs to return some sort of answer for those cases and the programmer needs to be aware of this. I don't care if it's false, 'cabbage', FILE_NOT_FOUND or -1, the fact remains that it still returns two different kinds of answer: position of found string or some indication that the string was not found at all.

    The very nature of this function is ambiguous: it will always return two different kinds of answers: one for when the string is found and another when it is not found. The person who writes the code should check the function reference for the two cases and write the code accordingly.

    When you put it like that it sounds more reasonable. It still seems like there should be a better way, but I'm not sure what it is.

    I think the biggest issue I have with it is that it requires an explicit comparison to a boolean when used in a conditional. Most people around here hate it when people do if(a == false) or if(a == true), and yet this is requiring you to, so even though I'm lighter in my opinion than most seem to be on doing the above, requiring you to do it still seems off to me.

    If you return -1 you still have to do a comparison in the if, but at least it's not to a boolean.

    Of course, if -1 is a valid return value... then there goes that option.

  • sjs (unregistered) in reply to cargo master
    cargo master:
    Alan:
    The funny thing is people do that sort of thing all the time in shell scripting:
    if test x$HAVE_AVCODEC = xfalse; then
    

    That whole 'x' idiom dates from a time when there was a system with a 'sh' that would treat even an empty double-quoted string ("") as not an argument. Thankfully, things have gotten better since then, and AFAIK that system is long dead.

    Unfortunately, many people who do it Don't Understand, and are simply trying to appease the gods of shell programming.

    (Of course, that's also not defensive shell programming: what if HAVE_AVCODEC contained multiple words?)

    The correct way to use the "x" trick is like so:

    if [ x"${SOME_VAR}" = x ]; then
        echo "Yay!"
    else
        echo "Boo. :("
    fi

    There's nothing wrong with the trick if you understand it and know when to use it.

  • sjs (unregistered)

    Just in case it's not obvious to everyone, an empty shell variable is not the same as empty quoted string!

  • JBourrie (unregistered)

    The authentication works just fine: apparently the author wanted to make sure the user was a human and not a cabbage or something.

    Hail Eris!

  • (cs) in reply to JBourrie
    JBourrie:
    The authentication works just fine: apparently the author wanted to make sure the user was a human and not a cabbage or something.
    *stares*
  • Gedoon (unregistered) in reply to EvanED
    EvanED:
    If you return -1 you still have to do a comparison in the if, but at least it's not to a boolean.
    I fail to see a difference. In one case you'll be comparing to -1, and in the other case comparing to "false". "At least it's not a boolean", wtf? What's wrong with explicitly comparing to a boolean?

    It's totally different in C++/Java/whatever where you don't have automatic type casting, where the compiler will yell at you for trying to compare an array to a date. PHP will silently accept them and make the best of them, and in most cases this is fine when you're comparing integer strings to integers. No need for cumbersome atoi's and such! But every now and then you bump into strpos and such, and you actually need to do some typechecking before letting PHP guess how to compare them. That's where the type-specific comparison is needed. It's as simple as that. In PHP it's not a crime or a wtf to compare something to false. Some might call it a workaround, I see it as a language feature. The wtf is that PHP programmers in general are not aware of this...

    EvanED:
    Of course, if -1 is a valid return value... then there goes that option.
    Well it's not valid. Don't know what that fellow has been smoking who suggested it, but a string match can't start at a negative index. 0 is the lowest value it may return. If it could in fact be a negative index then what the hell would it mean? The string matches to the non-existing character before the first one?. That just makes no sense.
  • segmentation fault (unregistered)

    somebody needs to rtfm:

    Warning

    This function may return Boolean FALSE, but may also return a non-Boolean value which evaluates to FALSE, such as 0 or "". Please read the section on Booleans for more information. Use the === operator for testing the return value of this function.

  • (cs) in reply to JBourrie

    The manual doesn't say anything about strpos returning a negative integer.

    This entire thing just seems like a matter of personal preference. If it returned -1 instead of FALSE, then you'd still have to do something like:

    if (strpos($mystring, $findme) != -1) { ...

    Which is no more or less complicated than:

    if (strpos($mystring, $findme) !== FALSE) { ...

    The following wouldn't work:

    if (strpos($mystring, $findme)) { ...

    Because

    if (blah)
    is a loose comparison, and -1 evaluates to TRUE in a loose comparison.

    Therefore, making strpos return -1 instead of FALSE would just lead to as many WTFs if we assume that the programmer won't even read the documentation on strpos and loose/strict comparisons (as happened here). You just end up with CodeSODs like...

    $searchResult = strpos($mystring, $findme);
    settype($searchResult, 'string');
    if ($searchResult[0] != '-') { ...
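The posts above (Gedoon's "RTFM", the manual warning quoted by segmentation fault, and Pap's comparison of the -1 and FALSE styles) all turn on one fact: strpos() returns the integer offset of the needle, or boolean false when it is absent, and under PHP's loose boolean conversion the integer 0 is just as falsy as false. The following is an added example, not code from the original article or from any commenter; the function names and the sample paths are assumptions made for illustration. It runs the quoted check in its original form, in its "Cabbage" form, and in the form the manual asks for, over the same inputs:

```php
<?php
// Added example (not from the original post): why the "Cabbage" prefix
// "worked", and what the check should have been.
// The quoted line from the story was:
//     if ( strpos( strtolower("Cabbage" . $_SERVER["PHP_SELF"]) , "/admin" ) )
// strpos() returns the integer offset of the needle, or boolean false when
// it is absent. A match at the start of the haystack yields the integer 0,
// and 0 is falsy under PHP's loose boolean conversion, exactly like false.

/**
 * The original test, minus the cabbage: true only when "/admin" occurs at
 * an offset other than 0, because a 0 return is treated as "not found".
 */
function is_admin_path_broken($path) {
    return (bool) strpos(strtolower($path), "/admin");
}

/**
 * The "fix" from the story: the prefix pushes every match to offset >= 7,
 * so the result can never be 0. It hides the bug instead of removing it.
 */
function is_admin_path_cabbage($path) {
    return (bool) strpos(strtolower("Cabbage" . $path), "/admin");
}

/**
 * The correct test per the manual: a strict comparison against false, so
 * that offset 0 counts as "found" and only boolean false counts as absent.
 */
function is_admin_path($path) {
    return strpos(strtolower($path), "/admin") !== false;
}

/**
 * Run all three variants over a set of request paths and return a table of
 * results so the difference is visible side by side.
 */
function compare_admin_checks(array $paths) {
    $rows = array();
    foreach ($paths as $p) {
        $rows[$p] = array(
            'strpos'  => strpos(strtolower($p), "/admin"),   // int offset or false
            'broken'  => is_admin_path_broken($p),
            'cabbage' => is_admin_path_cabbage($p),
            'correct' => is_admin_path($p),
        );
    }
    return $rows;
}

// Constructed sample paths (assumptions, not taken from the original site).
$samples = array(
    "/admin/index.php",           // match at offset 0: the broken check says "not admin"
    "/reports/admin/index.php",   // match at offset 8: all three variants agree
    "/index.php",                 // no match: strpos() returns boolean false
    "/ADMIN/users.php",           // strtolower() makes the test case-insensitive
);

foreach (compare_admin_checks($samples) as $path => $r) {
    printf("%-28s strpos=%-5s broken=%-5s cabbage=%-5s correct=%s\n",
        $path,
        var_export($r['strpos'], true),
        var_export($r['broken'], true),
        var_export($r['cabbage'], true),
        var_export($r['correct'], true));
}
```

The first sample is the case the cabbage was papering over: strpos() reports offset 0, the broken check casts that to false and denies the admin page, the cabbage variant reports offset 7 and passes, and the strict `!== false` test passes without any prefix. Reading the table also makes Pap's point concrete: whether the sentinel is FALSE or -1, the caller still has to write an explicit comparison, and the only thing that changes is which comparison operator is safe to use.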
    
  • (cs) in reply to anon
    anon:
    Three WTFs:
    1. they use PHP. A language where array[''] == array[0] is not for serious work.

    But does array[''] ==== array[0]?

  • (cs) in reply to Gedoon
    Gedoon:
    EvanED:
    If you return -1 you still have to do a comparison in the if, but at least it's not to a boolean.
    I fail to see a difference. In one case you'll be comparing to -1, and in the other case comparing to "false". "At least it's not a boolean", wtf? What's wrong with explicitly comparing to a boolean?
    It's considered a WTF to do something like this:
    if(blnMyBoolean == true)
    {
        // Do stuff...
    }
    The reason is that it's a lot cleaner to simple do this:
    if(blnMyBoolean)
    {
        // Do stuff...
    }
    Because of the dynamic-typing of some languages you are forced to use === or !== and in turn are forced also to explicitly define true or false when using operators === or !==.
    Gedoon:
    It's totally different in C++/Java/whatever where you don't have automatic type casting, where the compiler will yell at you for trying to compare an array to a date. Php will silently accept them and make the best of them, and in most cases this is fine when your comparing integer strings to integers. No need for cumbersome atoi's and such! But every now and then you bump into strpos and such, and you actually need to do some typechecking before letting php guess how to compare them. That's where the type-specific comparison is needed. It's as simple as that. In php it's not a crime or a wtf to compare something to false. Some might call it a workaround, I see it as a language feature. The wtf is that php programmers in general are not aware of this...
    It's more cumbersome to not specify data types... You are assuming the parser makes the right decision and often it will, but there are instances where it will not. You are much better off to KNOW that you're handling data correctly.

    I love statically-typed languages and don't mind having to convert data types; especially when the means are provided for me. It's extremely pretty in VB .NET, for example:

    intInteger = Convert.ToInt32(strString)

    Gedoon:
    EvanED:
    Of course, if -1 is a valid return value... then there goes that option.
    Well it's not valid. Don't know what that fellow has been smoking who suggested it, but a string match can't start at a negative index. 0 is the lowest value it may return. If it could in fact be a negative index then what the hell would it mean? The string matches to the non-existing character before the first one?. That just makes no sense.
    It could be possible that a negative represents a specific condition, and represents it similar to a flag, and the index is really the positive number.

    For example, a return value of 3 means the substring begins at the 3rd position, but a return value of -3 means the substring begins at the 3rd position and there are more instances in the string?

    That is only an example since I don't agree with returning a negative index, but I'm sure some languages do. I'm not sure if it is true for PHP.

  • (cs) in reply to anon
    anon:
    Three WTFs:
    1. they use PHP. A language where array[''] == array[0] is not for serious work.
    php > $array = array('' => 'foo');
    php > var_dump($array[''] == $array[0]);
    bool(false)
    

    ????
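The var_dump in the reply above settles the specific claim: `''` and `0` are different array keys, so `$array[''] == $array[0]` compares `'foo'` against a missing element and is false. What PHP does do is normalise certain keys before lookup, and that is where the real collisions live. The block below is an added example, not code from the original thread; the function names and the sample keys are assumptions chosen to show which spellings land in the same slot:

```php
<?php
// Added example, not from the original thread: which array keys PHP really
// folds together. array[''] and array[0] are distinct, as the var_dump in
// the reply above shows; the collisions PHP does have come from key
// normalisation (canonical numeric strings, bools and null are converted
// before the lookup), not from the == operator.

/**
 * Write under eight differently spelled keys and return the array. The
 * surviving keys show which spellings were normalised onto each other, and
 * the surviving values show which write won each slot (the last one).
 */
function normalised_keys() {
    $a = array();
    $a['']    = "empty string";
    $a[0]     = "int zero";
    $a['0']   = "string zero";    // canonical numeric string: same slot as int 0
    $a[null]  = "null";           // a null key is stored as ""
    $a[false] = "bool false";     // bools are cast to int: false is 0
    $a[true]  = "bool true";      // true is 1
    $a['08']  = "leading zero";   // not canonical: stays a string key
    $a[' 0']  = "leading space";  // likewise stays a string key
    return $a;
}

/**
 * Given an identifier as it might arrive from a request, report whether it
 * indexes the same slot as the integer 0. This is the practical consequence
 * for code that keys permission or ownership tables by user-supplied ids.
 */
function collides_with_zero($key) {
    $probe = array(0 => true);
    return isset($probe[$key]);
}

var_dump(normalised_keys());

foreach (array('0', '', false, null, '08', ' 0', '0.0') as $candidate) {
    printf("%-8s collides with 0: %s\n",
        var_export($candidate, true),
        var_export(collides_with_zero($candidate), true));
}
```

Eight writes leave five entries: the empty-string slot (last written via `null`), the `0` slot (last written via `false`), the `1` slot, and the two non-canonical strings `'08'` and `' 0'`, which are kept as strings because PHP only converts a string key to an integer when it is the canonical decimal form of that integer. The second loop shows the same rule from the lookup side: `'0'` and `false` find the element stored under `0`, while `''`, `null`, `'08'`, `' 0'` and `'0.0'` do not.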

  • (cs)
    Pap:
    This entire thing just seems like a matter of personal preference. If it returned -1 instead of FALSE, then you'd still have to do something like:

    if (strpos($mystring, $findme) != -1) { ...

    Which is no more or less complicated than:

    if (strpos($mystring, $findme) !== FALSE) { ...

    We never said it was more 'complicated'. It is, in my opinion, not as logical. An if statement implicitly evaluates a boolean condition. Having to specify this is, as I explain above, not considered as clean. Also, a quick glance can confuse === with == or !== with !===. They are very similar and their meanings are also very similar, but different enough to matter.

    This is extremely important when the font of your editor makes == look like two solid lines. Judging the length of two (==) is easier than three (===). Also you see === and !== a lot less often and some people don't know the difference.

    The point is that === and !== are 3/!1.

    I much prefer to see ($something != -1) than ($something !== false).

    Besides, consider their meaning:

    ==     (is equal to)
    ===    (is exactly equal to)
    WTF    (=== and !==)
  • Phineas Balmer (unregistered) in reply to ComaVN

    There are definite distinctions between programming languages and scripting languages. You wouldn't use standard C to build a website and you wouldn't use Perl to create a desktop application.

    PHP is a scripting language, so it allows you to evaluate many items (empty string, 0, false, null) as being false. This simplifies the development of scripts and allows maximum flexibility for building powerful web apps. Strongly-typed variables/expressions have no business in a scripting language.

  • JBourrie (unregistered) in reply to xtremezone
    xtremezone:
    JBourrie:
    The authentication works just fine: apparently the author wanted to make sure the user was a human and not a cabbage or something.
    *stares*
    *stares back*

    hopes he's not the only one in the room that gets the reference

  • JBourrie (unregistered)
    xtremezone:
    JBourrie:
    The authentication works just fine: apparently the author wanted to make sure the user was a human and not a cabbage or something.
    *stares*
    *stares back*

    hopes he's not the only one in the room that gets the reference

  • Anonymous (unregistered)

    strpos is the wrong function to use here. Since "Cabbage" is to fix the case when "admin/" is at the start of PHP_SELF, that must be what we're looking for.

    In C, strstr would be the function to use to test for "string a is in string b", but it's slower than strpos in PHP, probably due to memory allocation for the return value. Plus, we still only want "admin/" at the start of the string.

    strncmp($_SERVER['PHP_SELF'], "admin/", strlen("admin/")) is more correct and faster in the general case.

    PHP really needs a built-in boolean "starts_with" and "str_contains".

  • (cs) in reply to JBourrie
    JBourrie:
    xtremezone:
    JBourrie:
    The authentication works just fine: apparently the author wanted to make sure the user was a human and not a cabbage or something.
    *stares*
    *stares back*

    hopes he's not the only one in the room that gets the reference

    For those of us not in the room can you please elaborate?

    Was the duplicate for effect or a common Web (not you, the >>Web<<) flaw in practice?

  • (cs) in reply to xtremezone
    xtremezone:
    Also, a quick glance can confuse === with == or !== with !===.

    Well !=== isn't an operator. Our choices are:

    == !=

    !==

    If code readability is the name of your game, you could just do:

    if (strstr($mystring, $findme)) { ...
  • (cs) in reply to Anonymous
    Anonymous:
    strpos is the wrong function to use here. Since "Cabbage" is to fix the case when "admin/" is at the start of PHP_SELF, that must be what we're looking for.

    in C, strstr would be the function to use to test for "string a is in string b", but it's slower than strpos in PHP, probably due to memory allocation for the return value. plus, we still only want "admin/" at the start of the string.

    strncmp($_SERVER['PHP_SELF'], "admin/", strlen("admin/")) is more correct and faster in the general case.

    PHP really needs a built-in boolean "starts_with" and "str_contains".

    Actually, without more information, possible values could be admin/index.php, /reports/admin/index.php, etc.

    In this case it would be more appropriate to have a string-wide search - not something like starts_with - though it's true starts_with sounds like a better solution if the only admin directory is in the root of the site.

    str_contains would be useful and probably more correct in the case of many admin directories, which is what I meant by 'find' in an earlier post.

    How do you know that PHP's scripted strpos() function is faster than strstr() in compiled applications written in C? Logic tells me (no experience with actual performance comparisons or profiling) that a compiled language performing a very similar task has the potential to do it faster than a scripted language.

    Besides, what about strstr() in C++ (apparently they differ) or using string methods of the std::string class in C++?

    (My favorite languages are C and C++... I don't like to hear about scripting languages out performing them)
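The two posts above disagree about which predicate the check wants: "starts with admin/" (the strncmp() form) or "contains /admin/ anywhere" (the `find` / str_contains form). Both can be written with functions that exist in every PHP version, and PHP 8.0 added str_starts_with() and str_contains() natively. The block below is an added example, not code from the original article or from either commenter. It assumes the helper names shown, uses the needle "/admin/" with a trailing slash (a deliberate tightening over the quoted "/admin", so that a script such as /administrator.php does not match), and runs both predicates over constructed paths, including the two the second post lists:

```php
<?php
// Added example (not from the original post): the two predicates the thread
// asks for, built on strncmp() and strpos(), which exist in every PHP
// version. PHP 8.0 ships str_starts_with() and str_contains() natively; the
// function_exists() guards below defer to the built-ins where present.

if (!function_exists('str_starts_with')) {
    function str_starts_with($haystack, $needle) {
        // strncmp() compares only the first strlen($needle) bytes, so no
        // temporary substring is built; an empty needle matches everything.
        return strncmp($haystack, $needle, strlen($needle)) === 0;
    }
}

if (!function_exists('str_contains')) {
    function str_contains($haystack, $needle) {
        // The strict !== false comparison is the whole point: offset 0 is a hit.
        return $needle === '' || strpos($haystack, $needle) !== false;
    }
}

/**
 * Classify a request path with each predicate. Returns both answers so the
 * caller can see where "starts with admin/" and "contains /admin/" disagree,
 * which is exactly the disagreement between the two posts above.
 */
function classify_admin_path($path) {
    $lower = strtolower($path);
    return array(
        // Leading slash stripped so "admin/x.php" and "/admin/x.php" both count.
        'starts_with_admin' => str_starts_with(ltrim($lower, '/'), 'admin/'),
        // Trailing slash on the needle keeps "/administrator.php" out.
        'contains_admin'    => str_contains($lower, '/admin/'),
    );
}

// Constructed sample paths (assumptions, not taken from the original site).
$samples = array(
    "/admin/index.php",         // both predicates agree: admin
    "admin/index.php",          // the form quoted in the post above, no leading slash
    "/reports/admin/index.php", // nested admin directory: only "contains" sees it
    "/administrator.php",       // neither: "/admin/" with the slash does not match
    "/index.php/admin/",        // PATH_INFO after the script name, see the note below
);

foreach ($samples as $p) {
    $c = classify_admin_path($p);
    printf("%-28s starts_with=%-5s contains=%s\n", $p,
        var_export($c['starts_with_admin'], true),
        var_export($c['contains_admin'], true));
}
```

The third sample is the one the second post has in mind: a nested admin directory is invisible to the starts-with test and visible to the contains test, so the choice between them is a statement about the site's layout, not about style. The last sample is the caveat a practitioner would want before keying anything on `$_SERVER['PHP_SELF']` at all: PHP_SELF includes any PATH_INFO that follows the script name, so a request for /index.php/admin/ produces a PHP_SELF that contains "/admin/" although no script under admin/ is running. A check on the executing script should use `$_SERVER['SCRIPT_NAME']`, and an authorisation decision is better keyed on the session role than on the request path in the first place.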

  • (cs) in reply to Pap
    If code readability is the name of your game, you could just do:
    if (strstr($mystring, $findme)) { ...
    Except that strstr() in my mind at least, isn't very readable. What does strstr even mean? I interpret it as "stringstring" or more often "wtf... -> http://google.com/ncr -> 'strstr <language>' -> etc., etc."...
  • freelancer (unregistered) in reply to vt_mruhlin
    vt_mruhlin:
    CheckRightsOnTheCurrentPage

    I hate needlessly long function names.

    Then you definitely won't like my function called InitializeLogFormWhileOverridingSecurityAuthentication :P

    I wrote it in my dark period :(

    captcha: wigwam.... wigwhat?

  • Jon (unregistered)

    I prefer the word "please" for things like this.

    SELECT custID FROM (SELECT custID FROM Customers) please

    if ( strpos( strtolower("Please" . $_SERVER["PHP_SELF"]) , "/admin" ) )

  • JBourrie (unregistered) in reply to xtremezone
    For those of us not in the room can you please elaborate?
    http://www.principiadiscordia.com/book/36.php
    Was the duplicate for effect or a common Web (not you, the >>Web<<) flaw in practice?
    My own idiocy. Apologies.

    captcha: stinky. Which is what an already bad joke becomes once you have to explain it.

  • Kevi-chu (unregistered) in reply to xtremezone
    xtremezone:
    It's not returning two different kinds of answers. It's returning one of two answers: the "address" or "index" of the start of the substring; or simply "the substring was not found".

    The problem with PHP's strpos() function (and arguably dynamic-typing in general) is that it represents these answers in two different data types - in this case either an integer or a boolean. Since data types are handled differently in any programming language with data types, it is necessary to write your code with this in mind: often requiring special consideration in processing.

    But for at least this case, you need to take special consideration anyway. That is, the calling code needs to account for each of those two answers, and handle each case accordingly.

    That means that the answer "substring not found" needs to be distinguishable from a valid index. The real WTF ;) is not with dynamic typing, but with the fact that PHP considers "", 0, NULL and FALSE all to be false boolean values. That means you have to use a type-strict comparison to distinguish an index of 0 from a boolean FALSE return value.

    I've found Ruby's approach much easier (having spent a lot of time in both languages): nil and false are considered false, while "", 0, 1, 5389, true, :foobar (a symbol), "bazquux", and anything else other than nil and false are considered true. Thus, the Ruby-equivalent calling code can do the if (strpos(foo, bar)) comparison with impunity, and The Right Thing(tm) will happen.

    xtremezone:
    If PHP's strpos() function simply returned -1 when the substring was not found (an [unsigned] integer, the same type as the index is returned in and as far as I can tell not a valid index for the substring to be located at) then processing of the return value would be simple, as I illustrated in an earlier post.

    ...

    Are you sure a negative index is a valid character position in a string? I'm not doubting you, but the strpos() manual page doesn't seem to mention negative return values.

    If negative indexes are legal what does a negative index mean?

    http://us3.php.net/substr

    A negative index means the index from the end of the string. Thus if strpos() returned -1 on failure, it would muddy the semantics of the type "string index".

  • (cs) in reply to xtremezone
    xtremezone:
    If code readability is the name of your game, you could just do:
    if (strstr($mystring, $findme)) { ...
    Except that strstr() in my mind at least, isn't very readable. What does strstr even mean? I interpret it as "stringstring" or more often "wtf... -> http://google.com/ncr -> 'strstr <language>' -> etc., etc."...

    strstr. Search a string for a string. Just like strchr is searching a string for a character.

    It may not be the most intuitive name, but at least if you know PHP and you're reading C code and encounter strstr and don't know what it does you know to look it up. I'm not that good at PHP; if I'm reading PHP and see strpos($str1, $strb) I'm probably not going to realize that if it can't find the search string it will return a value that can be confused with 0.

    (Of course, the fact that they are using strpos in an if statement alone would raise a bit of a flag... though I might think it's being used as a prefix operation.)

    It's probably just a language comfort issue more than anything though.

  • (cs) in reply to xtremezone
    xtremezone:
    Anonymous:
    strpos is the wrong function to use here. Since "Cabbage" is to fix the case when "admin/" is at the start of PHP_SELF, that must be what we're looking for.

    in C, strstr would be the function to use to test for "string a is in string b", but it's slower than strpos in PHP, probably due to memory allocation for the return value. plus, we still only want "admin/" at the start of the string.

    strncmp($_SERVER['PHP_SELF'], "admin/", strlen("admin/")) is more correct and faster in the general case.

    PHP really needs a built-in boolean "starts_with" and "str_contains".

    Actually without more information possible values could be admin/index.php, /reports/admin/index.php, etc.

    In this case it would be more appropriate to have a string-wide search - not something like starts_with - though it's true starts_with sounds like a better solution if the only admin directory is in the root of the site.

    How do you know that PHP's scripted strpos() function is faster than strstr() in compiled applications written in C? Logic tells me (no experience with actual performance comparisons or profiling) that a compiled language performing a very similar task has the potential to do it faster than a scripted language.

    I do believe that they were comparing the PHP version of strstr() to strpos(), which is documented as such: "Note: If you only want to determine if a particular needle occurs within haystack, use the faster and less memory intensive function strpos() instead."
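As an added illustration of two points in this thread (Kevi-chu's point that a strict !== false comparison is needed to tell an index of 0 from a boolean FALSE, and the strncmp() starts-with check suggested in the comment above), here is a PHP script that is not from the article or the thread; the function names and the sample paths are constructed for the example.

```php
<?php
// Added example, not from the thread. The sample paths are constructed; the
// real value of $_SERVER['PHP_SELF'] depends on the request.
$samples = [
    '/admin/index.php',          // admin directory at the site root
    '/reports/admin/index.php',  // admin directory nested elsewhere
    '/index.php',                // public page
    'admin/index.php',           // no leading slash: the needle sits at offset 0
];

// The check as written in the article: strpos() returns int 0 when the
// needle is at offset 0, and 0 is falsy, so that path is treated as public.
function isAdminBuggy(string $path): bool {
    return (bool) strpos(strtolower($path), 'admin/');
}

// The "Cabbage" workaround: prefixing the haystack pushes every match off
// offset 0, so the truthiness test happens to work, but only by accident.
function isAdminCabbage(string $path): bool {
    return (bool) strpos(strtolower('Cabbage' . $path), 'admin/');
}

// The manual's answer: a strict comparison separates int 0 from bool false.
function isAdminContains(string $path): bool {
    return strpos(strtolower($path), 'admin/') !== false;
}

// The strncmp() starts-with check proposed above; it only accepts paths whose
// first directory is admin/, so /reports/admin/ is not matched.
function isAdminStartsWith(string $path): bool {
    $prefix = 'admin/';
    return strncmp(strtolower(ltrim($path, '/')), $prefix, strlen($prefix)) === 0;
}

foreach ($samples as $path) {
    printf("%-26s buggy=%-5s cabbage=%-5s contains=%-5s starts_with=%s\n",
        $path,
        var_export(isAdminBuggy($path), true),
        var_export(isAdminCabbage($path), true),
        var_export(isAdminContains($path), true),
        var_export(isAdminStartsWith($path), true));
}
```

The fourth sample path is the one that trips the buggy check: it is the only one where isAdminBuggy() disagrees with isAdminContains().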

Leave a comment on “Cabbage Based Authentication”
