[arp242]

One somewhat famous hidden landmine is in_array('0010e2', ['1e3']);

And that will return true, because you forgot the third "strict" parameter. This is really something strict_types could/should have fixed, but it doesn't.

You can have code reviews and static analysers and all of that to catch this, but it's definitely a landmine. I've seen some pretty serious CVEs that were fixed just by adding that last parameter to some in_array() call.

[zmxz]

But I didn't forget the third strict parameter, because I'm diligent in reading documentation and at my job.

Was that everything? You basically state there's a problem because you didn't use the function correctly and language didn't fall head over heels to stop you from doing silly things due to slopiness?

P.I.C.N.I.C.

[arp242]

People forget this things all the time because people's brains don't work like Spock's brain. There are plenty of junior programmers around that will have to be taught this. It's a footgun. Is it manageable? Sure; I already said that. But that doesn't make it not a footgun. Anyone who says anything else is not serious.

[zmxz]

Check this - if it's something important.. don't forget it and implement something called "function" that would pass the third parameter by default?

Anyone who is not capable of taking care of what you called footgun in a way where they automate - that person is not serious.

If there's a pretty huge problem - manage it. That's your job as programmer. If you're lazy, sloppy and prefer whining online over being proud of your work - there's no programming language that will take care of that for you.

[lexicality]

If a function that causes security vulnerabilities if you fail to read the documentation diligently doesn't count as a landmine to you, what does?

Please provide examples in other languages (eg rust) so that I can answer your original question properly and to your satisfaction

[zmxz]

No, it's not a function that causes it. It's the dev who is sloppy and causes issues. Would you blame the scalpel or brain surgeon for mishap while cutting important bits in the brain?

What kind of logic is this, to blame the tool because you have no clue how to use it?

[lexicality]

That's a very good analogy because they had to stop using scalpels in brain surgery because the surgeons kept making mistakes.

Tools must be designed so that they're difficult to use incorrectly. That's why we have guards and interlocks on any tool more complicated than a shovel.

[zmxz]

Function has 3 arguments. It's documented. Use cases are documented. You are trained. You ask for.. even more protection? From what? There's a limit to laziness, it takes more time to do this word-warrioring on HN than to learn how to use the function correctly and how to create a wrapper around it that serves as the protection you seek.

This really isn't that hard, we're not trying to travel to Mars.

[xigoi]

Would you buy a car that explodes every time you start it unless you press the “don’t explode” button? And would you blame the people who get killed by this car for not reading the documentation?

[zmxz]

So not knowing how to use a function in programming language is equivalent to a car exploding? Man, your logic is broken in ways that actually hurt.

[xigoi]

No, a function that does a wrong and dangerous thing by default unless you tell it otherwise is equivalent to a car exploding.

[shakesbeard]

That's why every serious PHP programmer is using a static code analysis tool nowadays.

It would easily catch this. https://phpstan.org/r/a827ff45-4ee2-4bee-8ae0-935832e627b3