Work in progress
A set of core PHP functions rewritten to throw exceptions instead of returning false when an error is encountered.
Most PHP core functions have been written before exception handling was added to the language. Therefore, most PHP functions
do not throw exceptions. Instead, they return false in case of error.
But most of us are too lazy to check explicitly for every single return of every core PHP function.
// This code is incorrect. Twice.
// "file_get_contents" can return false if the file does not exists
// "json_decode" can return false if the file content is not valid JSON
$content = file_get_contents('foobar.json');
$foobar = json_decode($content);The correct version of this code would be:
$content = file_get_contents('foobar.json');
if ($content === false) {
throw new FileLoadingException('Could not load file foobar.json');
}
$foobar = json_decode($content);
if (json_last_error() !== JSON_ERROR_NONE) {
throw new FileLoadingException('foobar.json does not contain valid JSON: '.json_last_error_msg());
}Obviously, while this snippet is correct, it is less easy to read.
Enters thecodingmachine/safe aka Safe-PHP.
Safe-PHP redeclares all core PHP functions. The new PHP functions are acting exactly as the old ones, except they are
throwing exceptions properly when an error is encountered. The "safe" functions have the same name as the core PHP
functions, except they are in the Safe namespace.
use function Safe\file_get_contents;
use function Safe\json_decode;
// This code is both safe and simple!
$content = file_get_contents('foobar.json');
$foobar = json_decode($content);Yeah... but I must explicitly think about importing the "safe" variant of the function, for each and every file of my application. I'm sure I will forget some "use function" statements!
Fear not! thecodingmachine/safe comes with a PHPStan rule.
Never heard of PHPStan before? Check it out, it's an amazing code analyzer for PHP.
Simply install the Safe rule in your PHPStan setup (explained in the "Installation" section) and PHPStan will let you know each time you are using an "unsafe" function.
The code below will trigger this warning:
$content = file_get_contents('foobar.json');Function file_get_contents is unsafe to use. It can return FALSE instead of throwing an exception. Please add 'use function Safe\file_get_contents;' at the beginning of the file to use the variant provided by the 'thecodingmachine/safe' library.
Use composer to install Safe-PHP:
$ composer require thecodingmachine/safeHighly recommended: install PHPStan and PHPStan extension:
$ composer require --dev thecodingmachine/phpstan-safe-ruleNow, edit your phpstan.neon file and add these rules:
includes:
- vendor/thecodingmachine/phpstan-safe-rule/phpstan-safe-rule.neonYou have a large legacy codebase and want to use "Safe-PHP" functions through all you project? PHPStan will help you finding these functions but changing the namespace of the functions one function at a time might be a tedious work.
Hopefully, Safe comes bundled with a "Rector" configuration file. Rector is a command-line tool that performs instant refactoring of your application.
First, you need to install Rector:
$ composer require --dev rector/rector ^0.3Now, you simply need to run Rector with this command:
vendor/bin/rector process src/ --config vendor/thecodingmachine/safe/rector-migrate.ymlNote: do not forget to replace "src/" with the path to your source directory.
Important: the refactoring is only performing a "dumb" replacement of functions. It will not modify the way "false" return values are handled. So if your code was already performing error handling, you will have to deal with it manually.
Especially, you should look for error handling that was already performed, like:
if (!mkdir($dirPath)) {
// Do something on error
}This code will be refactored by Rector to:
if (!\Safe\mkdir($dirPath)) {
// Do something on error
}You should then (manually) refactor it to:
try {
\Safe\mkdir($dirPath));
} catch (\Safe\FilesystemException $e) {
// Do something on error
}There are a number of issues withstanding before releasing 1.0
Read the release article on TheCodingMachine's blog if you want to learn more about what triggered the development of Safe-PHP.
The files that contains all the functions are auto-generated from the PHP doc. Read the CONTRIBUTING.md file to learn how to regenerate these files and to contribute to this library.