I've got an instance of a DB object that's passed to a Session object, because the Session object has several methods that make use of DB object to execute SQL statements I had plan to store this DB object in Session object property.
Through testing I found that print_r
exposed the DB object stored in the Session object property; included in the output was the db user/password.
So my idea was to store the DB object in a private static member, to prevent this info from being disclosed whenever print_r
is called on the Session object.
Is this acceptable, or just plain bad use of static member?
What's recommended way of preventing private object property from disclosed during print_r
?
Here's code sample.
Before:
class Session
{
public __construct(DB $db)
{
$this->db = $db;
}
}
After:
class Session
{
private static $db;
pubic __construct(DB $db)
{
self::$db = $db;
}
}