PHP RFC: In Operator

• Version: 0.5.1
• Date: 2015-03-15
• Authors: Niklas Keller me@kelunik.com, Bob Weinand bobwei9@hotmail.com
• Status: Declined
• First Published at: http://wiki.php.net/rfc/in_operator

This RFC adds a new in operator which simplifies contains checks for strings and arrays. The in operator makes these checks way more readable and lowers the cognitive load. Additionally, it also works for Traversable.

Checking if a specific input in an allowed range of value is a very common check in web application, therefore this operator simplifies those checks (and besides makes them a little bit faster). Currently, we have to use in_array($needle, $haystack, true) or strpos($haystack, $needle) !== false. These functions have a inconsistent parameter order, so it's hard to remember which is the right one for each. Additionally, omitting the third parameter for in_array is very common which led to security vulnerabilities in the past.

Add a new operator (expr1) in (expr2). It checks whether expr2 contains expr1.

It uses strict comparison (===) for array values / instances of Traversable and doesn't search recursively.

$contains = "foo" in ["a", "b", "c"]; // false
$contains = "foo" in ["foo", "bar"]; // true
$contains = "foo" in [["foo"], ["bar"]]; // false
$contains = "0e0" in ["0"]; // false, because of strict comparison
$contains = 0 in ["0"]; // false, because of strict comparison
 
$contains = ["foo"] in [["foo"], ["bar"]]; // true
$contains = ["foo"] in ["foo"]; // false

Traversables are only iterated until there's a match.

function gen () {
    yield "foo";
    yield "bar";
    // code below here wouldn't be executed if "bar" matches
    // because it stops if there's a match.
}
 
$contains = "bar" in gen(); // true
$contains = "baz" in gen(); // false

If $haystack is a string, it's a simple contains check.

$contains = "foo" in "foobar"; // true
$contains = "php" in "foobar"; // false

Other expressions than mixed in array|Traversable or string in string throw an EngineException.

It's strict because otherwise something like “foo” in [0] would pass.

It should have the same precedence as instanceof, so it's possible to negate it:

if (!$input in $validValues) {
    // ...
}

New reserved keyword in. This affects function, constant and class, but not class constant and method names, because it depends on the context sensitive lexer being merged.

Next major release, at the time of writing PHP 7.

A T_IN constant for use with ext/tokenizer has been added.

There could be a syntax that allows to check for multiple values at once, e.g.

$contains = ...["foo", "bar"] in ["foo", "baz", "bar"];

Requires a 2/3 majority. Even if it passes, it will only get merged if the context sensitive lexer gets merged.

Introduce the in operator?
Real name	Yes	No
aharvey
ajf
ben
bishop
brandon
bwoebi
damz
danack
duodraco
eliw
fa
fibbarth
galvao
indeyets
irker
jedibc
jwage
kinncj
klaussilveira
leigh
lstrojny
mbeccati
mike
mj
ocramius
patrickallaert
pauloelr
philstu
pollita
ralphschindler
ramsey
rdohms
rmf
salathe
santiagolizardo
sebastian
seld
stas
stelianm
subjective
theseer
till
timo
wiesemann
yohgaki
yunosh
zeev
Final result:	21	26
This poll has been closed.

Voting started on 2015-03-15 and ends on 2015-03-29.

• https://github.com/php/php-src/pull/1121

Keep this updated with features that were discussed on the mail lists.

• v0.5: Removed integer support, so the strictness is consistent.
• v0.4: Removed possibility to check multiple values using an array.