PHP 5.3 supports weird $ {} code?
I just upgraded to PHP 5.3 and started maintaining the old website for the new client. It seems to be using some pretty weird PHP code that I haven't met before.
When trying to access $ _GET or $ _REQUEST variables, the developer used the following: $ {"variable_name"}
I'm getting notifications thrown because of undefined variables (presumably because PHP doesn't parse the $ {"variable_name"} style code ).
Changing this to $ _ REQUEST ['variable_name'] works as expected, but I can't go through all their code and change it as the site is massive and uses its own layout methods. p>
Does anyone know if support for these tags / codeblocks can be enabled? I took a look at PHP.ini and there is a mention of ASP style tags and short tags, but including them has no effect (they look completely different, I just thought it was worth it).
source to share
I don't think there is anything new with this syntax:
$a = 10;
var_dump(${"a"});
Works fine, -)
The problem is probably related to the fact that it used to register_globals
be enabled (by default if PHP <= 4.something), and now it is disabled - which is good for security!
With register_globals set to On, any variable in is $_REQUEST
automatically injected as potential in your application - well, it really depends variables_order
, but that almost always includes Get, Post, and Cookie, at least.
For example, if you have a variable of type $_GET['my_var']
, you will also have a variable $my_var
... And this can also be accessed using the syntax${'my_var'}
Given that register_globals
the default matters Off
, as something like PHP 4.2, and should disappear in PHP 6 (if I remember correctly), I would advise not to reactivate it ... at least if you have the time. needed to fix / check the code ...
source to share
Curly brace syntax for variables has been a built-in part of PHP and has been around for quite some time. The reason it exists is to resolve ambiguities with arrays and object syntax when using variable variables.
From the manual:
To use variable variables with arrays, you have to solve the ambiguity problem. That is, if you write $$ a 1 , then the parser should know if you want to use $ a 1 as a variable, or if you want $$ a as a variable, then 1 from that variable. The syntax for removing this ambiguity is $ {$ a 1 } for the first case and $ {$ a} 1 for the second.
This is a very handy syntax in several situations, such as using array or object variables when outputting something using the heredoc syntax .
I will not repeat others' advice on usage register_globals
, I just wanted to outline this unusual syntax.
source to share
The syntax for $ {"variable_name"} is almost the same as $ variable_name, except that the contents of the curly braces are evaluated first. It is supported by all latest PHP versions, even beta versions. Something that is not supported in recent versions of PHP, but support for registering $ _REQUEST (and others) variables as global variables. There's a setting to enable:
register_globals = on
It is NOT recommended for use in production due to security concerns. You might find it easier to run the source through some "sed" -like tool and replace the custom with a regular expression.
source to share
The old server probably has REGISTER_GLOBALS
on. Therefore, strange parentheses are not a problem.
REGISTER_GLOBALS
puts all variables in $_REQUEST
as regular variables in the global scope, that is, you can access $_REQUEST['test']
which can be accessed, for example, $test
or${"test"}
The parenthesis syntax is on by default and I don't believe you can turn it on / off.
source to share
register_globals
was probably included. The syntax is {$variable_name}
always on, but register_globals
turns things like $_REQUEST['variable_name']
into $variable_name
.
Avoid including it if at all possible, though - there is a reason that hasn't been advised for a long time and is completely gone in PHP6.
source to share