php - 为什么在 php 中存在二进制安全和二进制不安全函数？

Question

这种行为/实现有什么原因吗？
示例:

$array = array("index_of_an_array" => "value");
class Foo {
    private $index_of_an_array;
    function __construct() {}   
}
$foo = new Foo();
$array = (array)$foo;
$key = str_replace("Foo", "", array_keys($array)[0]);
echo $array[$key];

给我们一个错误是完整的:

NOTICE Undefined index: on line number 9

示例 #2:

echo date("Y\0/m/d");

输出:

2016

BUT! 例如，echo 或 var_dump() 以及其他一些函数会“按原样”输出字符串，只有\0 个字节被浏览器隐藏。

$string = "index-of\0-an-array";
$strgin2 = "Y\0/m/d";
echo $string;
echo $string2;
var_dump($string);
var_dump($string2);

输出:

index-of-an-array
"Y/m/d"
string(18) "index-of-an-array"
string(6) "Y/m/d"

请注意，$string 的长度为 18，但显示了 17 个字符。

编辑

来自 possible duplicate和 php manual :

The key can either be an integer or a string. The value can be of any type. Strings containing valid integers will be cast to the integer type. E.g. the key "8" will actually be stored under 8. On the other hand "08" will not be cast, as it isn't a valid decimal integer. So in short, any string can be a key. And a string can contain any binary data (up to 2GB). Therefore, a key can be any binary data (since a string can be any binary data).

来自 php string details :

There are no limitations on the values the string can be composed of; in particular, bytes with value 0 (“NUL bytes”) are allowed anywhere in the string (however, a few functions, said in this manual not to be “binary safe”, may hand off the strings to libraries that ignore data after a NUL byte.)

但是我还是不明白为什么语言要这样设计？这种行为/实现是否有原因？为什么 PHP 不能在所有地方将输入作为二进制安全处理，而只是在某些函数中处理？

来自 comment :

The reason is simply that many PHP functions like printf use the C library's implementation behind the scenes, because the PHP developers were lazy.

echo、var_dump、print_r 不是吗？换句话说，输出一些东西的函数。如果我们看一下我的第一个例子，它们实际上是二进制安全的。对我来说，为输出实现一些二进制安全和二进制不安全的函数毫无意义。或者只是使用 C 中标准库中的一些函数并编写一些全新的函数。

Answer 1

“为什么”的简短回答只是历史。

PHP 最初是作为编写 C 函数脚本的一种方式编写的，以便在生成 HTML 时可以轻松调用它们。因此 PHP 字符串只是 C 字符串，它是一组任意字节。所以在现代 PHP 术语中，我们会说没有什么是二进制安全的，仅仅是因为 it wasn't planned to be anything else .

Early PHP was not intended to be a new programming language, and grew organically, with Lerdorf noting in retrospect: "I don’t know how to stop it, there was never any intent to write a programming language […] I have absolutely no idea how to write a programming language, I just kept adding the next logical step on the way."

随着时间的推移，该语言逐渐支持更精细的字符串处理函数，其中许多将字符串的特定字节考虑在内并变得“二进制安全”。根据最近撰写的 formal PHP specification :

As to how the bytes in a string translate into characters is unspecified. Although a user of a string might choose to ascribe special semantics to bytes having the value \0, from PHP's perspective, such null bytes have no special meaning. PHP does not assume strings contain any specific data or assign special values to any bytes or sequences.

作为一种有机发展的语言，还没有以不同于 C 的方式普遍处理字符串。因此，函数和库在个案基础上是二进制安全的。