And that is just a small sample.There is a whole lot of action at a distance. Consider this code, taken from the PHP docs somewhere.@fopen('http://example.com/not-existing-file', 'r');
What will it do?
- If PHP was compiled with
--disable-url-fopen-wrapper
, it won’t work. (Docs don’t say what “won’t work” means; returns null, throws exception?) Note that this flag was removed in PHP 5.2.5.- If
allow_url_fopen
is disabled in php.ini, this still won’t work. (How? No idea.)- Because of the
@
, the warning about the non-existent file won’t be printed.- But it will be printed if
scream.enabled
is set in php.ini.- Or if
scream.enabled
is set manually withini_set
.- But not if the right
error_reporting
level isn’t set.- If it is printed, exactly where it goes depends on
display_errors
, again in php.ini. Orini_set
.I can’t tell how this innocuous function call will behave without consulting compile-time flags, server-wide configuration, and configuration done in my program. And this is all built inbehavior.
Tuesday, April 10, 2012
PHP: a fractal of bad design
Wow, I did not know PHP was that bad. [Link]
No comments:
Post a Comment