Analysis of mistakes in single double quotation marks in PHP and hidden risks in double quotation marks, php double quotation marks

Analysis of mistakes in single double quotation marks in PHP and hidden risks in double quotation marks, php double quotation marks

Many Programmers think that single quotes and double quotes are the same in PHP. In fact, this depends on how they are used. They are indeed the same in some aspects, but there are also great differences in some aspects, let's talk about the differences for you today.

1. Generally, the two are generic. However, if a variable is written in double quotation marks, the parsing operation is executed, but the single quotation marks are not parsed? Let's take an example.

Now I see it!

2. The execution efficiency is different. The execution speed of single quotes is faster than that of double quotes. If it is a large program, you should pay attention to optimization. After all, PHP is an interpreted language. Therefore, if you use single quotes (fast speed) when there are only pure strings inside, and other items (such as variables) inside, double quotes will be more flexible.

PHP double quotes

Many PHP syntax features allow attackers to take advantage of them. For example, PHP detects variables in double quotes.

Run the following code:

Function test () {echo "abc";} echo "$ {@ test ()}"; // or echo $ {@ phpinfo ()};

The principle is as follows:

$ A = 'B'; $ B = 'a'; echo $ a; //

The above uses PHP variable variables. The variable content characteristics in double quotation marks {} can be parsed in double quotation marks, which makes little trouble. Do you understand this? Programmers should pay more attention to these misunderstandings and hidden dangers.