tags:

views:

375

answers:

6
+1  Q: 

PHP 5.3 support for strange '${}' code?

I've just upgraded to PHP 5.3 and started supporting an old website for a new client. It seems to use rather odd PHP code which I've not come across before.

Whilst trying to access $_GET or $_REQUEST variables, the developer has used the following: ${"variable_name"}

I get notices generated due to undefined variables (presumably because PHP is not parsing the ${"variable_name"} style code).

Changing this to $_REQUEST['variable_name'] works as expected, but I can't go through all their code and change it as the site is massive and uses proprietry layout methods.

Does anyone know if it's possible to switch on support for these tags / codeblocks? I've taken a look in PHP.ini and there is a mention of ASP style tags and short tags but enabling these has no effect (they look totally different anyway, I just thought it was worth a shot).

+2  A: 

The old server probably has REGISTER_GLOBALS on. So the weird brackets aren't the problem.

REGISTER_GLOBALS puts all the variables in $_REQUEST as regular variables in the global scope, meaning you can access $_REQUEST['test'] can be accessed like $test or ${"test"}

The bracket syntax is on by default, and I don't believe you can turn it on/off.

Chacha102  2009-08-24 17:17:35
+2  A: 

register_globals was likely switched on. {$variable_name} syntax is always on, but register_globals turns things like $_REQUEST['variable_name'] into $variable_name.

Avoid switching it on if at all possible, though - there's a reason it's been long advised against, and it's going away entirely in PHP6.

ceejayoz  2009-08-24 17:17:45
typo, it's likely switched OFF
Bart van Heukelom  2009-11-30 15:36:43
+12  A: 

I don't think there is anything new with that syntax :

$a = 10;
var_dump(${"a"});

Works just fine ;-)


You problem is probably due to the fact that, before, register_globals was enabled (by default, if PHP <= 4.something), and is now disabled -- and that is good for security !

With register_globals set to On, any variable in $_REQUEST is automatically injected as a vartiable in your application -- well, actually, this depends on the variables_order configuration option, but this one almost always includes Get, Post, and Cookie, at least.

For instance, if there is a variable like $_GET['my_var'], you will also have a $my_var variable... And this one can also be accessed with the syntax ${'my_var'}


Considering register_globals is Off by default since something like PHP 4.2, and should disappear in PHP 6 (if I remember correctly), I would advise against re-activating it... at least, if you have the time required to correct / test the code...

Pascal MARTIN  2009-08-24 17:17:57
Thank you, I've not come across that way of doing things before! Seemed strange to me at first, but then there seems to be many ways of doing one thing in PHP
atomicguava  2009-08-24 17:25:32
There are LOTS (too many, some would say ^^ ) of ways of doing one thing ^^
Pascal MARTIN  2009-08-24 17:31:28
+3  A: 

The ${"variable_name"} syntax is practically the same as $variable_name, except that the contents of the curly braces are evaluated first. It is supported by all recent versions of PHP, even the beta versions. What is not supported by recent versions of PHP though is the support of registering $_REQUEST (and other) variables as global variables. There's a setting for enabling it:

register_globals = on

It is NOT recommended for production use because of security issues though. It may be easier to run you source through some 'sed'-like tool and replace the usages with regular expression.

Filip Navara  2009-08-24 17:19:12
+2  A: 

Curly brace syntax for variables is an embedded part of PHP, and has been around for quite awhile. The reason it exists is to resolve ambiguities with arrays and object syntaxes when using variable variables.

From the manual:

In order to use variable variables with arrays, you have to resolve an ambiguity problem. That is, if you write $$a[1] then the parser needs to know if you meant to use $a[1] as a variable, or if you wanted $$a as the variable and then the [1] index from that variable. The syntax for resolving this ambiguity is: ${$a[1]} for the first case and ${$a}[1] for the second.

It's a very handy syntax in several situations, such as using array or object variables while outputting something using heredoc syntax.

I won't reiterate the advice by others about using register_globals, I just wanted to expound on this unusual syntax.

zombat  2009-08-24 17:28:57
A: 

register_globals is deprecated as of php 5.3 and will be removed as of php 6.0. What you want to do is use the Refactoring feature found in most PHP IDE's (zendo studio 6+) to rename the variable to something more appropriate, ie $_GET['variable_name'].

jusunlee  2009-08-24 21:45:25

related questions

IDE suggestions: Eclipse IDE vs. Zend Studio ( confused )
MySQL/Apache Error in PHP MySQL query
Lightweight IDE for Linux
What PHP framework would you choose for a new application and why?
Why is my ternary expression not working?
How can I get at the matches when using preg_replace in PHP?
Mechanisms for tracking DB schema changes
Wordpress theme development offline tools
Using object property as default for method property
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
How do you debug PHP scripts?
PHP Variables passed by value or by reference?
Best way to implement unit testing in PHP
Connect PHP to an AS/400
Best way to access Exchange using PHP?
PHP Session Security
How do I access a remote form in php?
What's the best way to generate a tag cloud from an array? (using h1 through h6 for sizing)
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP
How would you access Object properties from within an object method?
Flat File Databases in PHP
Best way to allow plugins for a PHP application
Latest information on PHP upcoming releases