46 lines
1.2 KiB
Plaintext
46 lines
1.2 KiB
Plaintext
Passing a reference to a function parameter means that any modifications the method makes to the parameter will be made to the original value as well, since references have the effect of pointing two variables at the same memory space. This feature can be difficult to use correctly, particularly if the callee is not expecting a reference, and the improper use of references in function calls can make code less efficient rather than more efficient.
|
|
|
|
|
|
Further, according to the PHP manual:
|
|
|
|
____
|
|
As of PHP 5.3.0, you will get a warning saying that "call-time pass-by-reference" is deprecated... And as of PHP 5.4.0, call-time pass-by-reference was removed, so using it will raise a fatal error.
|
|
____
|
|
|
|
|
|
== Noncompliant Code Example
|
|
|
|
[source,php]
|
|
----
|
|
myfun(&$name); // Noncompliant
|
|
----
|
|
|
|
|
|
== Compliant Solution
|
|
|
|
[source,php]
|
|
----
|
|
myfun($name);
|
|
----
|
|
|
|
|
|
== See
|
|
|
|
* https://cwe.mitre.org/data/definitions/374[MITRE, CWE-374] - Weakness Base Passing Mutable Objects to an Untrusted Method
|
|
|
|
|
|
ifdef::env-github,rspecator-view[]
|
|
|
|
'''
|
|
== Implementation Specification
|
|
(visible only on this page)
|
|
|
|
include::message.adoc[]
|
|
|
|
'''
|
|
== Comments And Links
|
|
(visible only on this page)
|
|
|
|
include::comments-and-links.adoc[]
|
|
endif::env-github,rspecator-view[]
|