This article will introduce to you how to use variable variable names in PHP. I have just learned about variable variable names. Let’s learn about them together.
Variable variable names can be very convenient in programming: a variable's name can be set and used dynamically. An ordinary variable is set with a statement like the following:
<?php
$a = 'hello';
?>
A variable variable uses the value of one variable as the name of another. In the example above, hello can be used as the name of a variable by writing two $ signs, as below.
<?php
$$a = 'world';
?>
These two statements define two variables: $a, which contains "hello", and $hello, which contains "world". So the following statement:
<?php
echo "$a ${$a}";
?>
The output is exactly the same as the following statement:
<?php
echo "$a $hello";
?>
Both output: hello world.
To use variable variable names with arrays, you need to resolve an ambiguity. If you write $$a[1], the parser needs to know whether you mean to use $a[1] as a variable, or to use $$a as the variable and [1] as the index into that variable. The syntax that resolves this ambiguity is ${$a[1]} for the first case and ${$a}[1] for the second.
Class properties can also be accessed through variable property names. A variable property name is resolved in the scope from which the call is made. For example, for the expression $foo->$bar, the runtime looks up $bar in the local scope and uses its value as the name of a property of $foo. This also works if $bar is an array access.
Example 1 Variable variable name
<?php
class foo {
    var $bar = 'I am bar.';
}

$foo = new foo();
$bar = 'bar';
$baz = array('foo', 'bar', 'baz', 'quux');
echo $foo->$bar . "\n";
// Braces make $baz[1] the property name; since PHP 7 the unbraced $foo->$baz[1] is read as ($foo->$baz)[1]
echo $foo->{$baz[1]} . "\n";
?>
The above example will output the following results:
I am bar.
I am bar.
Warning
Please note that variable variables cannot be used with PHP's superglobal arrays inside functions or class methods. The variable $this is also a special variable that cannot be named dynamically.
A brief discussion of PHP variable variable security
Variable variables are a very convenient feature of PHP. As the manual says, a variable variable means that the name of a variable can be set dynamically!
So what security issues arise when the name of a variable can be set dynamically? Take a look below:
<?php
$a = 'phpinfo';
$a();
?>
This code is easy to understand. The variable holds the string phpinfo. Because () is appended to the variable, PHP treats its value as a function name, so the phpinfo function is called dynamically!
Following the same principle, we apply it to the variable variable example from the manual:
<?php
$a = 'phpinfo';
${$a()};
?>
Here the dynamic function call is placed inside a variable variable. My wording is a bit unprofessional, but it is still a variable variable, and we find that the phpinfo function is still executed!
If you have read the manual and the examples I gave, this will not seem magical at all; it is simply a syntax feature of PHP. Now we take it one step further and shrink it into one line:
<?php
$a = "${${phpinfo()}}";
?>
This is two nested variable variables; we just filled in their contents ourselves, following the example above. In effect, we assigned a function to a variable, so the phpinfo function was finally executed, and this becomes a prototype of various vulnerabilities and webshells!
After reading this, you should know why the experts told me to read the PHP manual. The article could end here, but we have missed one point. The experts said that security is the foundation, and we have not covered that yet. Let's find out why the variables in the earlier examples use single quotes, while the final example uses double quotes. If you thought of this question yourself, I think you have great potential in security, and I'm sure you will become an expert in the future!
The difference between single quotes and double quotes in PHP is still related to variables. Take a look at the following example:
<?php
$a = 'phpinfo()';
echo $a;   // Outputs the string phpinfo()
echo '$a'; // Outputs the string $a
echo "$a"; // Outputs the string phpinfo()
?>
Content in double quotes is parsed by PHP for variables, while content in single quotes is treated directly as a literal string!
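As an added example (not code from the original article), the constructs shown above, the variable function call $a(), variable variables, and a function call inside a double-quoted ${...}, can be found statically when reviewing code. The PHP 8 code below tokenizes source text without executing it, and the single-quoted line in its constructed sample is not reported. The names findDynamicConstructs and $sample are assumptions made for this illustration.

```php
<?php
// Added example (not from the article); requires PHP 8.0+ for PhpToken.
// findDynamicConstructs() and $sample are illustrative names.
function findDynamicConstructs(string $source): array
{
    // Tokenize only: the scanned code is never executed.
    $all = PhpToken::tokenize($source);
    $tokens = array_values(array_filter($all, fn (PhpToken $t) => !$t->isIgnorable()));
    $findings = [];
    foreach ($tokens as $i => $tok) {
        $next = $tokens[$i + 1] ?? null;
        if ($tok->is(T_VARIABLE) && $next?->is('(')) {
            $findings[] = [$tok->line, "variable function call {$tok->text}()"];
        } elseif ($tok->is('$') && $next?->is(T_VARIABLE)) {
            $findings[] = [$tok->line, 'variable variable $' . $next->text];
        } elseif ($tok->is('$') && $next?->is('{')) {
            $findings[] = [$tok->line, 'variable variable named by an expression'];
        } elseif ($tok->is(T_DOLLAR_OPEN_CURLY_BRACES)) {
            // "${ ... }" in a double-quoted string: flag a call before the matching }.
            $depth = 1;
            for ($k = $i + 1; $k < count($tokens) && $depth > 0; $k++) {
                $t = $tokens[$k];
                if ($t->is(['{', T_CURLY_OPEN, T_DOLLAR_OPEN_CURLY_BRACES])) {
                    $depth++;
                } elseif ($t->is('}')) {
                    $depth--;
                } elseif ($t->is('(')) {
                    $findings[] = [$tok->line, 'function call inside "${...}" interpolation'];
                    break;
                }
            }
        }
    }
    return $findings;
}
// Constructed sample built from the article's snippets (nowdoc: no interpolation here).
$sample = <<<'PHP'
<?php
$a = 'phpinfo';
$a();
$$a = 'world';
${$a()};
$b = "${${phpinfo()}}";
$c = '${${phpinfo()}}';
PHP;
foreach (findDynamicConstructs($sample) as [$line, $what]) {
    echo "line $line: $what\n";
}
```

Legitimate closures are also called as $fn(), so each finding is a prompt to check where the name comes from, not proof of a problem.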
So this article really ends here, and you should now understand why the experts told me to read the PHP manual more and that security is the foundation.