PHP variable name using the method of detailed _php tutorial

Source: Internet
Author: User
Tags phpinfo
This article to the students about the variable name of PHP use method, this is just known variable variable name, we come together to learn.


Sometimes variable names can be a great convenience for programming. This means that variable names can be dynamically named and used. The usual variables are named by the following statements:

The code is as follows Copy Code

$a = ' Hello ';
?>


A mutable variable name refers to the use of a variable's value as the name of the variable. In the example above, by using two $ symbols, you can set the hello to a variable name, as in the following.

The code is as follows Copy Code
$ $a = ' world ';
?>

With the above two statements, two variables are defined: The variable $ A, the contents are "Hello" and the variable $hello, the content is "world". So, the following language:

The code is as follows Copy Code

echo "$a ${$a}";
?>

Exactly the same as the output of the following statement:

The code is as follows Copy Code

echo "$a $hello";
?>

They all output: Hello world.

In order to use the variable variable name of the array, you need to solve a ambiguity problem. That is, if you write $ $a [1], the parser needs to know whether you mean to use $a[1] as a variable, or to use the $ $a as a variable, [1] to refer to the index of the variable. The syntax for solving this ambiguity is: The first case uses ${$a [1]}, and the second case uses ${$a}[1].

Class properties can also be accessed through variable property names. A mutable property name is obtained from the access scope of the variable where the call is generated. For example, if your expression is this: $foo-$bar, the runtime will look for the variable $bar within the scope of the local variable, and its value will be a property name for the $foo object. If the $bar is an array, it can be used.

Example 1 variable variable name

The code is as follows Copy Code

class Foo {
var $bar = ' I am bar ';
}

$foo = new Foo ();
$bar = ' Bar ';
$baz = Array (' foo ', ' Bar ', ' baz ', ' Quux ');
$bar Echo $foo. "N";
$baz echo $foo [1]. "N";
?>

The above example will output the following results:

I am Bar.

I am Bar.

Warning

Note that mutable variable names cannot be used on PHP functions and super Global array variables in classes. Variable $this is also a special variable that cannot be named dynamically.

Discussion on PHP variable variable security


Variable variables are a very handy feature of PHP, as the manual says, variable variables mean that variable names of variables can be set dynamically!

So what are the security issues when variable names of variables can be set dynamically? Here's a look at:

The code is as follows Copy Code

$a = ' phpinfo ';
$a ();
?>


This code is easy to understand, the type of the variable is the character type phpinfo, the variable dynamic plus (), so the variable becomes the Phpinfo function dynamic execution!



By the same principle we cite examples of variable variables in the manual:

The code is as follows Copy Code
$a = ' phpinfo ';
${$a ()};
?>

$a ()

This dynamic function is put into the dynamic variable, of course, I am a bit unprofessional, or mutable variable, we will find that the Phpinfo function is still executed!



Read the manual and I gave this example, you must think that this is not magic, this is the syntax of PHP, and then we have to evolve this thing into a line:

The code is as follows Copy Code

$a = "${${phpinfo ()}}";

?>

This is a variable variable of 2 nested, we just follow the above example to fill in the contents of the variable variable, in fact, to assign a function to a variable, so the Phpinfo function finally executed, also became a variety of loopholes and Webshell prototype!



See here everyone should know, why originally Daniel asked me to see PHP Handbook, but this article to the end of it, I also missed a little, Daniel said that the security is the foundation, we actually did not make this thing clear, why the previous example of the variable is used in single quotation marks, and the final example of the following is a double quotation mark, If you think of this problem, I think you do security must have great potential, after the guarantee is a Daniel!



The difference between single and double quotes in PHP is also related to variables, see the following example:

The code is as follows Copy Code
$a = ' phpinfo () ';
echo $a; Output phpinfo () string
echo ' $a '; Output $ A string
echo "$a"; Output phpinfo () string
?>

The contents of the double quotes are then parsed by PHP's syntax variables, and the contents of the single quotes are directly qualitative to the string!



So this article to really end here, so everyone should also understand, at the beginning of the cow why and I said more read PHP handbook and security is the basis of profound meaning.

http://www.bkjia.com/PHPjc/632705.html www.bkjia.com true http://www.bkjia.com/PHPjc/632705.html techarticle This article to the students about the variable name of PHP use method, this is just known variable variable name, we come together to learn. Sometimes variable variable names are given ...

  • Related Article

    Contact Us

    The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

    If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

    A Free Trial That Lets You Build Big!

    Start building with 50+ products and up to 12 months usage for Elastic Compute Service

    • Sales Support

      1 on 1 presale consultation

    • After-Sales Support

      24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.