On the available characters of PHP variables

Text: A brief introduction to PHP variables available characters

First of all, the name of the PHP variable naming rules, Baidu next catch a lot:
(1) PHP variable names are case-sensitive;
(2) The variable name must start with the dollar sign $;
(3) The beginning of the variable name can begin with an underscore;
(4) The variable name cannot begin with a numeric character.

In fact, all programming similar naming conventions are:
1. The first character of a variable is preferably a letter or _ and cannot begin with a number
2. The second character begins to allow numbers, letters, _

Well, that's pretty much it, but that's not the point we're talking about.
Today we are talking about the available characters of PHP variables, not just numbers, letters, _ Oh.

A few days ago QQ on a friend sent me a shell, is encrypted, whole garbled, but there are comments, called "God Shield Encryption" good domineering look.
It uses some of the more uncommon knowledge points, the most obvious is the variable name, so today we start with the variable.

Of course, I didn't find any authoritative material on the Internet. Strong description of the PHP variable name available characters information, so I can only test myself. (Bad English, no way Google to favorable evidence)
First look at the method I'm using (if you have a better way, you want to share it.) ）

<?phpif ($_post) {$CHR = Chr ($_post[' CHR ']); Eval (' $ '. $chr. "    = 1; ");    echo ' OK '; Exit;}? ><!doctype html>
The 
 Code is fairly straightforward, and the PHP section is only responsible for parsing each character as the result of the variable name being thrown out of the overflow. 
 such as character A will parse  eval  (' $a =1; ');     The result is sure to be fine, so no exception is thrown, and the result is the OK character. 
 If character-then resolves  eval  (' $-=1; ');     This is obviously wrong, so it throws  php Parse error : Syntax error, unexpected '-', expecting t_variable or ' $ '     and OK characters. 
 The following Ajax section is using the return result as ' OK ' to determine if it is a valid variable name. 
 See what happens after the execution: 
"\x41, \x42, \x43, \x44, \x45, \x46, \x47, \x48, \x49, \x4a, \x4b, \x4c, \x4d, \x4e, \x4f, \x50, \x51, \x52, \x53, \x54, \ X55, \x56, \x57, \x58, \x59, \x5a, \x5f, \x61, \x62, \x63, \x64, \x65, \x66, \x67, \x68, \x69, \x6a, \x6b, \x6c, \x6d, \x6  E, \x6f, \x70, \x71, \x72, \x73, \x74, \x75, \x76, \x77, \x78, \x79, \x7a, \x7f, \x80, \x81, \x82, \x83, \x84, \x85, \x86, \x87, \x88, \x89, \x8a, \x8b, \x8c, \x8d, \x8e, \x8f, \x90, \x91, \x92, \x93, \x94, \x95, \x96, \x97, \x98, \x99, \x9a, \ x9b, \x9c, \x9d, \x9e, \x9f, \xa0, \xa1, \xa2, \xa3, \xa4, \xa5, \xa6, \xa7, \xa8, \xa9, \xaa, \xab, \xac, \xad, \xae, \xa  F, \xb0, \xb1, \xb2, \xb3, \xb4, \xb5, \xb6, \xb7, \xb8, \XB9, \xba, \xbb, \XBC, \XBD, \xbe, \XBF, \xc0, \xc1, \xc2, \xc3, \xc4, \xc5, \xc6, \xc7, \xc8, \xc9, \xca, \XCB, \XCC, \xcd, \xce, \XCF, \xd0, \xd1, \xd2, \xd3, \xd4, \xd5, \xd6, \xd7, \ Xd8, \XD9, \xda, \xdb, \xdc, \xdd, \xde, \XDF, \xe0, \xe1, \xe2, \xe3, \xe4, \xe5, \xe6, \xe7, \xe8, \xe9, \xea, \xeb, \xe C, \xed, \xee, \xef, \XF0, \xf1, \xf2, \xf3, \xf4, \xf5, \xf6, \xf7, \xf8, \xf9, \xfa, \XFB, \XFC, \xfd, \xfe, \xff " 
After finishing found that this is the 16 data, of course, do not understand it's okay to look at the results after escaping:
"A, B, C, D, E, F, G, H, I, J, K, L, M, N, O, P, Q, R, S, T, U, V, W, X, Y, Z, _, A, B, C, D, E, F, G, H, I, J, K, L, M, N , O, p, Q, R, S, T, U, V, W, X, Y, Z,,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,? ,?,?,?,?,  , ¡,¢,£,¤,¥,¦,§,¨,©,ª,«,¬,, ®,¯,°,±,²,³,´,µ,¶,,¸,¹,º,»,¼,½,¾,¿,à,á,â,  Ã,ä,å,æ,ç,è,é,ê,ë,ì,í,î,ï,ð,ñ,ò,ó,ô,õ,ö,x,ø,ù,ú,û,ü,ý,þ,ß,à,á,â,ã,ä,å,æ,ç,è,é,ê,ë, Ì,í,î,ï,ð,ñ,ò,ó,ô,õ,ö,÷,ø,ù,ú,û,ü,ý,þ,ÿ "
 In addition to the previous a-z_a-z is familiar to us, the back of those messy things can also be used as a normal variable name, simply incredible. The 
 is actually just PHP expands the character range of the variable name, above the a-z_a-z, the variable usable character range extends to the \x7f-\xff. 
 Therefore, the first character range should be [a-za-z_\x7f-\xff]  
 So if the second character is the same, we continue with the test. 
  eval  (' $ '.  $CHR . " =1; ");     Change to  eval  (' $a '.  $CHR . " =1; ");     Save tests, 
"\x9, \xa, \xd, \x20, \x30, \x31, \x32, \x33, \x34, \x35, \x36, \x37, \x38, \x39, \x41, \x42, \x43, \x44, \x45, \x46, \x47 , \x48, \x49, \x4a, \x4b, \x4c, \x4d, \x4e, \x4f, \x50, \x51, \x52, \x53, \x54, \x55, \x56, \x57, \x58, \x59, \x5a, \x5f, \x61, \x62, \x63, \x64, \x65, \x66, \x67, \x68, \x69, \x6a, \x6b, \x6c, \x6d, \x6e, \x6f, \x70, \x71, \x72, \x73, \x74, \x \x76, \x77, \x78, \x79, \x7a, \x7f, \x80, \x81, \x82, \x83, \x84, \x85, \x86, \x87, \x88, \x89, \x8a, \x8b, \x8c, \x8d , \x8e, \x8f, \x90, \x91, \x92, \x93, \x94, \x95, \x96, \x97, \x98, \x99, \x9a, \x9b, \x9c, \x9d, \x9e, \x9f, \xa0, \xa1, \xa2, \xa3, \xa4, \xa5, \xa6, \xa7, \xa8, \xa9, \xaa, \xab, \xac, \xad, \xae, \xaf, \xb0, \xb1, \xb2, \xb3, \xb4, \xb5, \x B6, \xb7, \xb8, \XB9, \xba, \xbb, \XBC, \XBD, \xbe, \XBF, \xc0, \xc1, \xc2, \xc3, \xc4, \xc5, \xc6, \xc7, \xc8, \XC9, \xca , \XCB, \XCC, \xcd, \xce, \XCF, \xd0, \xd1, \xd2, \xd3, \xd4, \xd5, \xd6, \xd7, \xd8, \xd9, \xda, \xdb, \xdc, \XDD, \xde, \XDF, \xe0, \xe1, \xe2,\xe3, \xe4, \xe5, \xe6, \xe7, \xe8, \xe9, \xea, \xeb, \xec, \xed, \xee, \xef, \xf0, \xf1, \xf2, \xf3, \xf4, \xf5, \xf6, \x F7, \xf8, \xf9, \xfa, \XFB, \XFC, \xfd, \xfe, \xff "
 Found the results of a lot of characters, in fact, some of us are to be removed, such as \x20  is actually a space, equivalent to   eval  (' $a =1; ');    , of course, can be carried out normally. 
 In addition to spaces, and \t\r\n are removed because these are also PHP syntax said to allow \t=\x9 , \n= \xa , \r=\xd , so we're going to get rid of the first 4 data in the results \x9 , \xa , \xd , \x20 , 
 The results are actually just a lot more  \x30, \x31, \x32, \x33, \x34, \x35, \x36, \x37, \x38, \ x39     People who are familiar with ASCII may see it at a glance, this is the number 0-9  
 So the first character range should be [\W\X7F-\XFF]  The regular is not ripe may feel how is not [0-9a-za-z_\x7f-\xff] , \w is 0-9a-za-z _
Perhaps someone would say $$a; ${$a}; What about such a variable?
I think this is out of the scope of the variable name, isn't it.
OK, about the PHP variable available characters of the knowledge point sharing is complete, if there is any wrong, please leave a message, I will promptly correct to avoid misleading everyone.
My guess: ASCII range 0-127 (\x00-\x7f), Latin1 range 0-255 (\x00-\xff), maybe PHP is extending the scope to Latin1 Character set, of course, I have not read the PHP source code, can only be said to be a conjecture.
After @holine remind, I went to turn over the official website Handbook, sure enough to find, well, I also took so much effort to test,
View Data http://www.php.net/manual/zh/language.variables.basics.php
On the available characters of PHP variables