($var == TRUE) or (TRUE == $var)?
Interesting little trick I picked up a while back, been meaning to blog about it.
Prior to enlightenment, I used to write conditionals something like this:
```php
if ($var == SOME_CONSTANT_CONDITION) {
    // do something
}
```
... more specifically:
```php
if ($var == TRUE) {
    // do the true thing
}
```
That's how I'd "say" it, so that's how I wrote it. But is it the best way? I now don't think so. When reviewing other people's code (often from C programmers), I've seen "backwards" conditionals.. something like:
```php
if (TRUE == $var) {
    // ...
}
```
Which just sounds weird. Why would you compare a constant to a variable (you'd normally compare a variable to a constant)?
So, what's the big deal?
Well, a few months back, I stumbled on an old article about a backdoor almost sneaking into Linux.
Here's the almost-break:
```c
if ((options == (__WCLONE|__WALL)) && (current->uid = 0))
        retval = -EINVAL;
```
Ignore the constants, I don't know what they mean either. The interesting part is current->uid = 0.
See, unless you had your eyes peeled, here, it might look like you're trying to ensure that current->uid is equal to 0 (uid 0 = root on Linux). So, if options blah blah, AND the user is root, then do something.
But wait. There's only a single equals sign. The comparison is "==". "=" is for assignment!
Fortunately, someone with good eyes noticed, and Linux is safe (if this had made it into a release, it would've been trivial to escalate your privileges to the root level).. but how many times have you had this happen to you? I'm guilty of accidentally using "=" when I mean "==". And it's hard to track down this bug.. it doesn't LOOK wrong, and the syntax is right, so...
This is nothing new. Everyone knows the = vs == problem. Everyone is over it (most of the time). But how can we reduce this problem?
A simple coding style adjustment can help enormously here.
Consider changing "$var == TRUE" to "TRUE == $var".
Why? Simple:
```
sean@iconoclast:~$ php -r '$a = 0; if (FALSE = $a) $b = TRUE;'
Parse error: parse error in Command line code on line 1
```
Of course, you can't ASSIGN $a to the constant FALSE. The same style applied above would've caused a similar error in the C Linux kernel code:
```c
if ((options == (__WCLONE|__WALL)) && (0 = current->uid ))
```
Obviously, "0" is a constant value--you cannot assign a value to it. The missing "=" would've popped up right away.
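The constant-first style only trips the parser when one side is a constant; a condition like `if ($a = $b)` still parses. As an added example (not code from the original post), here is a small C scanner that flags a lone "=" inside an `if` condition in C-like source; the function name and the sample inputs are constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Count plain "=" assignments inside the condition of each `if (...)`.
 * Simplified on purpose: string literals, comments and PHP's `elseif`
 * are not handled. */
int assignments_in_if(const char *src)
{
    int found = 0;
    for (const char *p = src; (p = strstr(p, "if")) != NULL; p += 2) {
        /* "if" must start a word, e.g. not the tail of "notif" */
        if (p > src && (isalnum((unsigned char)p[-1]) || p[-1] == '_'))
            continue;
        const char *q = p + 2;
        while (isspace((unsigned char)*q))
            q++;
        if (*q != '(')
            continue;
        int depth = 0;
        for (; *q; q++) {
            if (*q == '(') {
                depth++;
            } else if (*q == ')') {
                if (--depth == 0)
                    break;              /* end of this condition */
            } else if (*q == '=') {
                if (q[1] == '=') {
                    while (q[1] == '=') /* skip ==, === and the tail of !== */
                        q++;
                } else if (q[1] != '>' && !strchr("!<>+-*/%&|^.", q[-1])) {
                    found++;            /* lone '=': an assignment */
                }
            }
        }
    }
    return found;
}

int main(void)
{
    /* Constructed inputs: the kernel line quoted above and a PHP-style case. */
    const char *kernel = "if ((options == (__WCLONE|__WALL)) && (current->uid = 0)) retval = -EINVAL;";
    const char *two_vars = "if ($a = $b) { $c = 1; }";
    printf("kernel line: %d\n", assignments_in_if(kernel));
    printf("two variables: %d\n", assignments_in_if(two_vars));
    return 0;
}
```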
Cool. Seems a little awkward at first, but in practice, it makes sense.
HTH.