为什么php中存在二进制安全AND二进制不安全函数？ [英] Why are there binary safe AND binary unsafe functions in php?

问题描述

这种行为/实现是否有任何原因？例如：

Is there any reason for this behavior/implementation ?
Example:

$array = array("index_of_an_array" => "value");
class Foo {
    private $index_of_an_array;
    function __construct() {}   
}
$foo = new Foo();
$array = (array)$foo;
$key = str_replace("Foo", "", array_keys($array)[0]);
echo $array[$key];

给我们一个错误已完成：

注意未定义的索引：第9行

示例＃2：

Example #2:

echo date("Y\0/m/d");

输出：

2016

2016

BUT！ echo 或者 var_dump（），例如，以及其他一些函数，将按原样输出字符串，浏览器只隐藏\0字节。

BUT! echo or var_dump(), for example, and some other functions, would output the string "as it is", just \0 bytes are being hidden by browsers.

$string = "index-of\0-an-array";
$strgin2 = "Y\0/m/d";
echo $string;
echo $string2;
var_dump($string);
var_dump($string2);

输出：

数组索引

Y / m / d

字符串（18）数组索引

string（6）Y / m / d

index-of-an-array
"Y/m/d"
string(18) "index-of-an-array"
string(6) "Y/m/d"

注意， $ string lenght是18，但显示的是17个字符。

Notice, that $string lenght is 18, but 17 characters are shown.

编辑

来自可能重复和 php手册：

密钥可以是整数或字符串。值可以是任何类型。
包含有效整数的字符串将强制转换为整数类型。例如。键8实际上将存储在8下。另一方面，08将不会被转换，因为它不是有效的十进制整数。简而言之，任何字符串都可以成为关键。字符串可以包含任何二进制数据（最大2GB）。因此，密钥可以是任何二进制数据（因为字符串可以是任何二进制数据）。

The key can either be an integer or a string. The value can be of any type. Strings containing valid integers will be cast to the integer type. E.g. the key "8" will actually be stored under 8. On the other hand "08" will not be cast, as it isn't a valid decimal integer. So in short, any string can be a key. And a string can contain any binary data (up to 2GB). Therefore, a key can be any binary data (since a string can be any binary data).

来自 php字符串详细信息：

字符串可以组成的值没有限制;特别是
，字符串值为0（NUL字节）允许字符串中的
（但是，一些函数，在本手册中说不是
二进制安全，可以将字符串移交给在NUL字节后忽略数据
的库。）

There are no limitations on the values the string can be composed of; in particular, bytes with value 0 ("NUL bytes") are allowed anywhere in the string (however, a few functions, said in this manual not to be "binary safe", may hand off the strings to libraries that ignore data after a NUL byte.)

但我仍然不明白为什么语言是这样设计的？这种行为/实施有原因吗？为什么PHP不能将输入作为二进制安全处理，只是在某些函数中？

But I still do not understand why the language is designed this way? Are there reasons for this behavior/implementation? Why PHP does'nt handle input as binary safe everywhere but just in some functions?

来自评论：

原因很简单，许多PHP函数如 printf 在幕后使用C库的实现，因为PHP开发人员很懒。

The reason is simply that many PHP functions like printf use the C library's implementation behind the scenes, because the PHP developers were lazy.

不是那些如 echo ， var_dump ， print_r ？换句话说，输出某些东西的函数。如果我们看一下我的第一个例子，它们实际上是二进制安全的。对我来说，实现一些二进制安全和二进制不安全的输出功能是没有意义的。或者只是使用一些，因为它们在C中的std lib中并编写一些全新的函数。

Arent those such as echo, var_dump, print_r ? In other words, functions that output something. They are in fact binary safe if we take a look at my first example. Makes no sense to me to implement some binary-safe and binary-unsafe functions for output. Or just use some as they are in std lib in C and write some completely new functions.

推荐答案

简短回答为什么只是历史。

PHP最初编写为脚本C函数的一种方式，因此可以在生成HTML时轻松调用它们。因此， PHP字符串只是C字符串，它们是任何字节的集合。因此，在现代PHP术语中，我们会说没有什么是二元安全的，只是因为它没有计划成为其他任何事情。

PHP was originally written as a way to script C functions so they could be called easily while generating HTML. Therefore PHP strings were just C strings, which are a set of any bytes. So in modern PHP terms we would say nothing was binary-safe, simply because it wasn't planned to be anything else.

早期的PHP并不是一种新的编程语言，并且有机地发展，Lerdorf回想起来了：我不知道如何阻止它，从来没有任何编写语言的意图[...]我完全不知道如何编写编程语言，我只是在路上添加了下一个逻辑步骤。

Early PHP was not intended to be a new programming language, and grew organically, with Lerdorf noting in retrospect: "I don’t know how to stop it, there was never any intent to write a programming language […] I have absolutely no idea how to write a programming language, I just kept adding the next logical step on the way."

随着时间的推移，语言越来越多，以支持更精细的字符串处理功能，许多人将字符串的特定字节考虑在内并成为二元安全。根据最近写的正式的PHP规范：

关于如何将字符串中的字节转换为字符是未指定的。虽然字符串的用户可能会选择将特殊语义归为具有值 \0 的字节，但从PHP的角度来看，这样的空字节没有特殊含义。 PHP不假设字符串包含任何特定数据或为任何字节或序列分配特殊值。

As to how the bytes in a string translate into characters is unspecified. Although a user of a string might choose to ascribe special semantics to bytes having the value \0, from PHP's perspective, such null bytes have no special meaning. PHP does not assume strings contain any specific data or assign special values to any bytes or sequences.

作为一种有机增长的语言，没有采用与C不同的方式普遍处理字符串的举动。因此，函数和库在具体情况下是二元安全的。

As a language that has grown organically, there hasn't been a move to universally treat strings in a manner different from C. Therefore functions and libraries are binary-safe on a case-by-case basis.

这篇关于为什么php中存在二进制安全AND二进制不安全函数？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！