> The amount of PHP you need to know to avoid the sharp edges depends on the complexity of your application and what you're trying to do.
Not really. You aren't insulated from the edge cases until your application reaches a certin number of lines, at which point PHP flips the switch and you get the edge cases.
The edge cases are there and affect you from the smallest program right up to the largest, it's just that with larger programs you're more likely to hit them because you have more code. The target is bigger.
So you're saying if I do a simple PHP status page that is only rendering data from a static JSON file into some HTML (which is basically all I'd use PHP for these days) it requires me to know a pile of edge cases?
Does someone making a simple a PHP application on a home NAS that isn't exposed to the outside world need to worry about SQL injection from their kids?
Are you saying that PHP is only suitable for trivial non user-facing apps? We are in agreement!
The reason you need to know all the edge cases though is because when you write a sigle line of PHP you need to know how to avoid the edge cases in that single line.
Just because you are writing a short program doesn't mean the edge cases aren't there. Array keys getting converted to numbers doesn't suddenly start to become a problem when you hit 300k lines.
If you don't know the edge cases then when you do need to write something more complex, or larger, or user facing, PHP is a terrible choice because there are so many edge cases that they are hard to completely internalise.
Wouldn't it be better to write in something that isn't such a terrible footgun?
Not really. You aren't insulated from the edge cases until your application reaches a certin number of lines, at which point PHP flips the switch and you get the edge cases.
The edge cases are there and affect you from the smallest program right up to the largest, it's just that with larger programs you're more likely to hit them because you have more code. The target is bigger.