- * Runtime assertions are checked throughout development. They supplement unit
- * tests by checking scenarios that do not have unit tests written for them,
- * and by testing the API calls made by all the code in the system.
- *
- * When using assert() keep the following in mind:
- * - Runtime assertions are disabled by default in production and enabled in
- * development, so they can't be used as control structures. Use exceptions
- * for errors that can occur in production no matter how unlikely they are.
- * - Assert() functions in a buggy manner prior to PHP 7. If you do not use a
- * string for the first argument of the statement but instead use a function
- * call or expression then that code will be evaluated even when runtime
- * assertions are turned off. To avoid this you must use a string as the
- * first argument, and assert will pass this string to the eval() statement.
- * - Since runtime assertion strings are parsed by eval() use caution when
- * using them to work with data that may be unsanitized.
+ * They supplement unit tests by checking scenarios that do not have unit tests
+ * written for them.
+ *
+ * There are two php settings which affect runtime assertions. The first,
+ * assert.exception, should always be set to 1. The second is zend.assertions.
+ * Set this to -1 in production and 1 in development.