Basics of PHP Variables with Security Concerns
Basics of PHP with Security Considerations - Part 3
Basics of PHP Variables with Security Concerns,
Foreword: In this part of the series, I also talk about security, relating to what is known as the Boolean variable.
By: Chrysanthus Date Published: 30 Aug 2018
Introduction
Example
Consider the following statement;
$myStr = "This is the third part";
In the above statement, the variable is, $myStr, meaning, my String. The value "This is the third part" is in quotes. It is a string. It is assigned to the variable, $myStr, using what is called the assignment operator, “=”. The statement ends with a semicolon.
A variable begins with the dollar sign followed by the name of the variable. A valid variable name begins with a letter or underscore, followed by any number of letters, numbers, or underscores.
Consider now the following two consecutive statements:
$myStr = "This is the third part";
echo $myStr;
The first statement assigns the value, "This is the third part" to the variable, $myStr. The second statement sends (copies) the value assigned to the variable to the browser. The second statement has the, echo construct. What goes next to the construct, echo, is called an argument to echo. So $myStr is an argument to echo. There are many situations in computing where you would use the variable instead of the value. Try the following code (copy and paste or re-type and then run - replace previous content of temp.php with the code):
<?php
$myStr = "This is the third part";
echo $myStr;
?>
Numbers as Values
You can use numbers as values. You can assign a number to a variable. Consider the following two statements:
$myNum = 56.48;
echo $myNum;
The number, 56.48 is assigned to the variable, myNum. When you are assigning a number, you do not have to put the number in quotes. The second line sends the number to the browser. Here, the argument to the echo construct is, myNum. Try the following code:
<?php
$myNum = 56.48;
echo $myNum;
?>
Assigning a Variable to another Variable
You can assign a variable to another variable. Consider the following two statements:
$str1 = "test";
$str2 = str1;
The first statement assigns the string value, “test” to the variable, $str1. The second statement assigns the variable, $str1 to $str2. The value of $str2 is “test” copied from str1.
Changing the Value for a Variable
You can assign a value to a variable and then change it after that. Consider the following statements:
$myStr = "test";
$myStr = "good";
The first statement assigns the value, “test” to the variable, $myStr. The second statement assigns a new value to the same variable. The final value of, $myStr is “good”.
Boolean Variable
In some situations, you can have only one of two possible values. The value can either be, true or false. Any variable that deals with these two values is called a Boolean variable. So, you can have something like:
$myVar = true;
or
$myVar = false;
You do not put quotation makes around true or false.
If a variable (in a statement) is not assigned any value, its value is considered as NULL, as in:
$myVar;
Null means nothing. You can explicitly assign the value "null" without the quotes to a variable, as in:
$myVar = null;
For both statements the value of $myVar is null.
Rule for Naming a Variable
A variable name must start with a letter or underscore, ‘_’. Within the name and at its end, you can have a letter, number or underscore. You precede all that with a $ sign.
Case Sensitivity in PHP
PHP is said to be case sensitive (for variables). This means that for variable names, $myVar is not the same as $MyVar or $myvar or $MYVAR, etc.
Exception to this is for the values of the Boolean and Null variables. So for Boolean values (to Boolean variables), true, false TRUE, FALSE are allowed. For Null values (to Null variable ), null, NULL are allowed.
Creating a Variable
Before you can use a variable, you have to create it. To create a variable, you begin with the $ sign and then the name of the variable, as illustrated above. You do not have to assign a value to a variable when you create it (but end it with a semicolon). You can do the assignment later. The following code illustrates this:
<?php
$myVar;
$myVar = "you";
echo $myVar;
?>
As coded previously, you can still start a variable while assigning a value to it, as in the folloing code:
<?php
$myVar = "you";
echo $myVar;
?>
When to use Quotation Marks for Values
If your value is a number or a Boolean value or null, you should not use quotation marks. If your value is a string, you must use quotations marks.
String
A string is a value in quotes. The quotes may be single (') or double ("). If the first quote is single, the second closing quote must be single; if the first quote is double, the second quote must be double.
Integer
An integer is a whole number. It can be a negative number, zero or a positive number, e.g. –5, 0 or +5 . A positive number can be written without the + sign.
Floating Point Number
A floating-point number is a number with a decimal point, e.g. 2.5 . There are several ways of writing it – see later.
Literals
When used as a value, a string, integer or floating-point number is called a literal. An example of a string literal is, "I love you.". An example of an integer is, 25. An example of a float number is 32.369 .
Boolean Values and Security Issues
A Boolean value is either TRUE or FALSE. However, 0, or '0' or null or '' (empty string) is equal to FALSE, but FALSE is not identical (equivalent) to 0, or '0' or null or ''. I will say the problem this causes later. Also, 1 or -1 or '1' or '-1' or 'text' is equal to TRUE, but TRUE is not identical (equivalent) to 1 or -1 or '1' or '-1' or 'text'. I will say the problem this causes later.
We have seen a lot. Let us take a break here and continue in the next part of the series.
Chrys
Related Links
Basics of PHP with Security ConsiderationsWhite Space in PHP
PHP Data Types with Security Considerations
PHP Variables with Security Considerations
PHP Operators with Security Considerations
PHP Control Structures with Security Considerations
PHP String with Security Considerations
PHP Arrays with Security Considerations
PHP Functions with Security Considerations
PHP Return Statement
Exception Handling in PHP
Variable Scope in PHP
Constant in PHP
PHP Classes and Objects
Reference in PHP
PHP Regular Expressions with Security Considerations
Date and Time in PHP with Security Considerations
Files and Directories with Security Considerations in PHP
Writing a PHP Command Line Tool
PHP Core Number Basics and Testing
Validating Input in PHP
PHP Eval Function and Security Risks
PHP Multi-Dimensional Array with Security Consideration
Mathematics Functions for Everybody in PHP
PHP Cheat Sheet and Prevention Explained
More Related Links