Talking about available characters of PHP Variables

Let's talk about the naming rules of php variables:
(1) PHP variable names are case sensitive;
(2) The variable name must start with the dollar sign $;
(3) A variable name can start with an underscore;
(4) The variable name cannot start with a number.

In fact, the naming rules for all programming are similar:
1. the first character of the variable is preferably a letter or _. It cannot start with a number.
2. The second character can start with a number, letter ,_

Well, that's almost the case, but this is not the point we're going to focus on.
Today, let's talk about the available characters of PHP variables, not just numbers, letters,.

A friend sent me a shell on QQ a few days ago. It was encrypted and garbled, but there was a comment on it, which is called "shield encryption.
Some uncommon knowledge points are used, the most obvious of which is the variable name. So let's start with the variable today.

Of course, I did not find any authoritative materials on the Internet to strongly illustrate the available characters of PHP variable names, so I can only test it myself. (Poor English, no good evidence for Google)
First, let's take a look at the method I used. (If you have a better method, I hope to share it with you .)

<? ( = (['chr'('$'.."=1;" 'ok'?><!doctype html>
The code is relatively simple. The PHP part is only responsible for parsing each character as the variable name and whether the execution result will throw overflow.
For example, Character a will be parsed ('$ a = 1;'); such a result is certainly no problem, so no exception will be thrown, and the returned result is the OK character.
If the character is-, it will be parsed ('$-= 1;'); this is obviously incorrect, so it will throw: syntax error, unexpected '-', expecting T_VARIABLE or '$' and OK characters.
The following ajax component uses whether the returned result is 'OK' to determine whether it is a valid variable name.
Let's see what the execution result is:
"\x41, \x42, \x43, \x44, \x45, \x46, \x47, \x48, \x49, \x4a, \x4b, \x4c, \x4d, \x4e, \x4f, \x50, \x51, \x52, \x53, \x54, \x55, \x56, \x57, \x58, \x59, \x5a, \x5f, \x61, \x62, \x63, \x64, \x65, \x66, \x67, \x68, \x69, \x6a, \x6b, \x6c, \x6d, \x6e, \x6f, \x70, \x71, \x72, \x73, \x74, \x75, \x76, \x77, \x78, \x79, \x7a, \x7f, \x80, \x81, \x82, \x83, \x84, \x85, \x86, \x87, \x88, \x89, \x8a, \x8b, \x8c, \x8d, \x8e, \x8f, \x90, \x91, \x92, \x93, \x94, \x95, \x96, \x97, \x98, \x99, \x9a, \x9b, \x9c, \x9d, \x9e, \x9f, \xa0, \xa1, \xa2, \xa3, \xa4, \xa5, \xa6, \xa7, \xa8, \xa9, \xaa, \xab, \xac, \xad, \xae, \xaf, \xb0, \xb1, \xb2, \xb3, \xb4, \xb5, \xb6, \xb7, \xb8, \xb9, \xba, \xbb, \xbc, \xbd, \xbe, \xbf, \xc0, \xc1, \xc2, \xc3, \xc4, \xc5, \xc6, \xc7, \xc8, \xc9, \xca, \xcb, \xcc, \xcd, \xce, \xcf, \xd0, \xd1, \xd2, \xd3, \xd4, \xd5, \xd6, \xd7, \xd8, \xd9, \xda, \xdb, \xdc, \xdd, \xde, \xdf, \xe0, \xe1, \xe2, \xe3, \xe4, \xe5, \xe6, \xe7, \xe8, \xe9, \xea, \xeb, \xec, \xed, \xee, \xef, \xf0, \xf1, \xf2, \xf3, \xf4, \xf5, \xf6, \xf7, \xf8, \xf9, \xfa, \xfb, \xfc, \xfd, \xfe, \xff"
After sorting, we found that the hexadecimal data is like this. Of course, it doesn't matter if you don't understand it. Let's look at the escaped results:
"A, B, C, D, E, F, G, H, I, J, K, L, M, N, O, P, Q, R, S, T, U, V, W, X, Y, Z, _, a, b, c, d, e, f, g, h, i, j, k, l, m, n, o, p, q, r, s, t, u, v, w, x, y, z, , ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?,  , ¡, ¢, £, ¤, ¥, ¦, §, ¨, ©, ª, «, ¬, ­, ®, ¯, °, ±, ², ³, ´, µ, ¶, ·, ¸, ¹, º, », ¼, ½, ¾, ¿, À, Á, Â, Ã, Ä, Å, Æ, Ç, È, É, Ê, Ë, Ì, Í, Î, Ï, Ð, Ñ, Ò, Ó, Ô, Õ, Ö, ×, Ø, Ù, Ú, Û, Ü, Ý, Þ, ß, à, á, â, ã, ä, å, æ, ç, è, é, ê, ë, ì, í, î, ï, ð, ñ, ò, ó, ô, õ, ö, ÷, ø, ù, ú, û, ü, ý, þ, ÿ"
In addition to the previous A-Z_a-z is familiar to us, the things behind it can also be used as a normal variable name, it is incredible.
In fact, only PHP expands the character range of the variable name, on the A-Z_a-z, the variable available character range extended to \ x7f-\ xff.
Therefore, the first character range should be
The second character can also be used. Let's continue the test.
Change the ('$' .. "= 1;") in the above php code to ('$ a' .. "= 1;"); Save the test,
"\x9, \xa, \xd, \x20, \x30, \x31, \x32, \x33, \x34, \x35, \x36, \x37, \x38, \x39, \x41, \x42, \x43, \x44, \x45, \x46, \x47, \x48, \x49, \x4a, \x4b, \x4c, \x4d, \x4e, \x4f, \x50, \x51, \x52, \x53, \x54, \x55, \x56, \x57, \x58, \x59, \x5a, \x5f, \x61, \x62, \x63, \x64, \x65, \x66, \x67, \x68, \x69, \x6a, \x6b, \x6c, \x6d, \x6e, \x6f, \x70, \x71, \x72, \x73, \x74, \x75, \x76, \x77, \x78, \x79, \x7a, \x7f, \x80, \x81, \x82, \x83, \x84, \x85, \x86, \x87, \x88, \x89, \x8a, \x8b, \x8c, \x8d, \x8e, \x8f, \x90, \x91, \x92, \x93, \x94, \x95, \x96, \x97, \x98, \x99, \x9a, \x9b, \x9c, \x9d, \x9e, \x9f, \xa0, \xa1, \xa2, \xa3, \xa4, \xa5, \xa6, \xa7, \xa8, \xa9, \xaa, \xab, \xac, \xad, \xae, \xaf, \xb0, \xb1, \xb2, \xb3, \xb4, \xb5, \xb6, \xb7, \xb8, \xb9, \xba, \xbb, \xbc, \xbd, \xbe, \xbf, \xc0, \xc1, \xc2, \xc3, \xc4, \xc5, \xc6, \xc7, \xc8, \xc9, \xca, \xcb, \xcc, \xcd, \xce, \xcf, \xd0, \xd1, \xd2, \xd3, \xd4, \xd5, \xd6, \xd7, \xd8, \xd9, \xda, \xdb, \xdc, \xdd, \xde, \xdf, \xe0, \xe1, \xe2, \xe3, \xe4, \xe5, \xe6, \xe7, \xe8, \xe9, \xea, \xeb, \xec, \xed, \xee, \xef, \xf0, \xf1, \xf2, \xf3, \xf4, \xf5, \xf6, \xf7, \xf8, \xf9, \xfa, \xfb, \xfc, \xfd, \xfe, \xff"
The result contains many characters, but some of them need to be removed. For example, they are actually spaces, which are equivalent to ('$ a = 1, of course, it can be executed normally.
In addition to spaces, \ t \ r \ n is removed because these are also permitted by the PHP syntax \ t =, \ n =, \ r =, so we need to remove the first four data in the result ,,,,
The final result is only \ x30, \ x31, \ x32, \ x33, \ x34, \ x35, \ x36, \ x37, \ x38, \ x39 people familiar with ascii may see it at a Glance. This is a number.
So the first character range should be unfamiliar with the regular expression. Maybe it's not. In fact, \ w is 0-9a-zA-Z _
Maybe someone will say $ ;$ {}; what about such variables?
I think this is out of the variable naming range, isn't it.
Now, I have shared the knowledge about available characters in php variables. If anything is wrong, please leave a message and I will correct it in time to avoid misleading everyone.
My guess: the ascii range is 0-127 (-), and latin1 ranges from 0-255 (-). Maybe PHP expands the range to the latin1 character set. Of course, I have not read the PHP source code, it can only be a conjecture.
 
@ Holine reminds me that I have gone through the manual on the official website and found it. Well, I have spent so much effort on testing,
View data http://www.php.net/manual/zh/language.variables.basics.php