52 lines
1.3 KiB
Plaintext
52 lines
1.3 KiB
Plaintext
== Why is this an issue?
|
|
|
|
Variable variables in PHP allow you to use the value of a variable as the name of another variable.
|
|
This feature can be useful in dynamic programming scenarios where variable names need to be dynamically determined and manipulated.
|
|
|
|
=== What is the potential impact?
|
|
|
|
The use of variable variables in PHP can make code harder to read and understand, as it introduces a level of indirection and can lead to confusion.
|
|
It can also increase the risk of security vulnerabilities, such as allowing user input to directly manipulate variable names, potentially leading to injection attacks or unintended behavior.
|
|
|
|
==== Noncompliant code example
|
|
|
|
[source,php]
|
|
----
|
|
$var = 'foo';
|
|
$$var = 'bar'; //Noncompliant
|
|
$$$var = 'hello'; //Noncompliant
|
|
|
|
echo $foo; //will display 'bar'
|
|
echo $bar; //will display 'hello'
|
|
----
|
|
|
|
== Resources
|
|
|
|
=== Documentation
|
|
|
|
* PHP Manual - https://www.php.net/manual/en/language.variables.variable.php[Variable variables]
|
|
|
|
ifdef::env-github,rspecator-view[]
|
|
|
|
'''
|
|
|
|
== Implementation Specification
|
|
|
|
(visible only on this page)
|
|
|
|
=== Message
|
|
|
|
Remove the use of this variable variable "XXX".
|
|
|
|
|
|
'''
|
|
|
|
== Comments And Links
|
|
|
|
(visible only on this page)
|
|
|
|
=== on 12 Feb 2014, 18:33:54 Freddy Mallet wrote:
|
|
Is implemented by \http://jira.codehaus.org/browse/SONARPLUGINS-2330
|
|
|
|
endif::env-github,rspecator-view[]
|