2023-05-03 11:06:20 +02:00
== Why is this an issue?
2023-05-11 14:07:39 +02:00
Variable variables in PHP allow you to use the value of a variable as the name of another variable.
This feature can be useful in dynamic programming scenarios where variable names need to be dynamically determined and manipulated.
2021-04-28 16:49:39 +02:00
2023-05-11 14:07:39 +02:00
=== What is the potential impact?
2021-04-28 18:08:03 +02:00
2023-05-11 14:07:39 +02:00
The use of variable variables in PHP can make code harder to read and understand, as it introduces a level of indirection and can lead to confusion.
It can also increase the risk of security vulnerabilities, such as allowing user input to directly manipulate variable names, potentially leading to injection attacks or unintended behavior.
2021-04-28 16:49:39 +02:00
2023-05-11 14:07:39 +02:00
==== Noncompliant code example
[source,php,diff-id=1,diff-type=noncompliant]
2021-04-28 16:49:39 +02:00
----
$var = 'foo';
$$var = 'bar'; //Noncompliant
$$$var = 'hello'; //Noncompliant
echo $foo; //will display 'bar'
echo $bar; //will display 'hello'
----
2021-04-28 18:08:03 +02:00
2023-05-11 14:07:39 +02:00
== Resources
=== Documentation
* PHP Manual - https://www.php.net/manual/en/language.variables.variable.php[Variable variables]
2021-06-02 20:44:38 +02:00
2021-06-03 09:05:38 +02:00
ifdef::env-github,rspecator-view[]
2021-09-20 15:38:42 +02:00
'''
2023-05-11 14:07:39 +02:00
2021-09-20 15:38:42 +02:00
== Implementation Specification
2023-05-11 14:07:39 +02:00
2021-09-20 15:38:42 +02:00
(visible only on this page)
include::message.adoc[]
2021-06-08 15:52:13 +02:00
'''
2023-05-11 14:07:39 +02:00
2021-06-02 20:44:38 +02:00
== Comments And Links
2023-05-11 14:07:39 +02:00
2021-06-02 20:44:38 +02:00
(visible only on this page)
include::comments-and-links.adoc[]
2021-06-03 09:05:38 +02:00
endif::env-github,rspecator-view[]
