PHP Ternary and Incrementing Operators with Security Considerations
PHP Operators with Security Considerations - Part 5
Foreword: In this part of the series, I talk about PHP Ternary and Incrementing Operators with Security Considerations.
By: Chrysanthus Date Published: 17 Oct 2018
Introduction
Ternary Operator
The ternary operator is ?:. Consider the following program:
<?php
$a = 5;
$b = 10;
if ($a > $b)
{
    $bigger = $a;
}
else
{
    $bigger = $b;
}
echo($bigger);
?>
The code begins with the initialization of $a, then $b. After that, $bigger is assigned inside the if-construct. The aim of the program is to find the bigger of the two numbers, $a and $b. The variable $bigger holds the bigger number.
The if-condition is ($a > $b). It checks if $a is bigger than $b. If it is, then the value of $a is assigned to $bigger as the if-block is executed. If it is not, then the value of $b is assigned to $bigger as the else-block is executed. Note, either the if-block or the else block is executed; both blocks cannot be executed. So, the identifier, $bigger ultimately holds the bigger number. The else-block will also be executed if the two values are the same.
The last statement of interest displays the value of $bigger. Note that the if-block has only one statement, and the else-block also has only one statement.
Note: the condition, ($a > $b) is an expression and can be considered as an operand. The statement $bigger = $a and the statement $bigger = $b; can each be considered as an operand. So, there are three operands or three expressions in the if-construct (statement). Also remember that either block above has just one expression.
The above if-construct, in that situation can be replaced with:
$bigger = $a > $b ? $a : $b;
The operator in this statement is "?:". $a is placed in-between ? and :. Though ? and : are separated by $a, they form one operator, "?:". Now, consider just the statement,
$a > $b ? $a : $b;
This statement is the same as the statement above except for the preceding "$bigger =". In this statement, $a > $b in front of ? is an operand; $a in-between ? and : is also an operand; $b after : is an operand, as well. This statement is interpreted as follows:
In any such statement, if the expression (e.g. $a > $b) before the ? is true, the operand (e.g. $a) before the : is returned, otherwise the operand (e.g. $b) after the : is returned. There are three operands involved: one in front of ?, another in front of : and the last behind :. $a > $b is the if-condition; $a is the single operand of the contracted if-block; and $b is the single operand of the contracted else-block. So, : can be interpreted as else in the expression. The whole statement is a special contracted if-then-else statement.
The return value of the expression has to be held in a variable. And so you have the statement:
$bigger = $a > $b ? $a : $b;
where $bigger holds the returned value. Of course, each of the three variables, $bigger, $a and $b can have a different name.
Try the following program that illustrates the use of the ternary operator:
<?php
$a = 5;
$b = 10;
$bigger;
$bigger = $a > $b ? $a : $b;
echo($bigger);
?>
The increment operator is ++. The operand is a number. When it is placed in front of the operand (prefix), it behaves in one way. When it is placed after the operand (postfix), it behaves in another way.
Prefix: When it is prefix, it adds 1 to the operand and returns the incremented operand value. Try the following code:
<?php
$id1 = 10;
$id2 = ++$id1;
echo($id2);
?>
In the code, initially, 10 is assigned to the variable, $id1. Then we have a new statement. In the new statement you have a new variable, $id2, the assignment operator and then ++$id1. What interests us here is ++$id1, where the increment operator is in front of the variable. The value the increment operator returns is assigned to the variable, $id2. If you have tried the code, you would have noticed that the value of $id2 is 11. This means that, when used prefix, it increments the operand and then returns the incremented content of the operand.
Postfix: When it is postfix, it returns the operand value before adding 1 to it. The returned value is the original value of the operand. The increased value is the new value of the operand, which is not returned. Try the following code.
<?php
$id1 = 10;
$id2 = $id1++;
echo($id2), '<br>';
echo($id1);
?>
If you have tried the above code, you would have noticed that the value for $id2 is 10 and the final value for $id1 is 11, confirming that the incrementing took place after the value was returned. Always remember that when it is placed postfix, the value of the operand is returned before it is incremented.
The Decrement Operator
The decrement operator is --. It decreases its number by 1. It can be used prefix or postfix, as with ++.
Security Consideration
It is recommended that you avoid "stacking" ternary expressions. PHP's behaviour when using more than one ternary operator within a single statement is non-obvious. Avoid doing something like this:
$biggest = $a > $b ? $a : ($bigger = $c > $d ? $c : $d);
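Why stacking matters for an access decision, as an added example that is not part of the original article: PHP 7 and earlier grouped an unparenthesized stacked ternary from the left, and PHP 8 refuses to compile it. The function names and the banned/admin policy are constructed for illustration.

```php
<?php
// Constructed policy (an assumption for this example):
// banned users are denied; otherwise admins get 'full' and everyone else 'read'.

// The grouping PHP 7 and earlier applied to the unparenthesized form
//   $banned ? 'deny' : $admin ? 'full' : 'read'
// It is written with parentheses here because PHP 8 rejects the
// unparenthesized form at compile time.
function accessLeftGrouped(bool $banned, bool $admin): string
{
    // The inner result ('deny' or $admin) is used as the next condition.
    // The non-empty string 'deny' is truthy, so a banned user gets 'full'.
    return ($banned ? 'deny' : $admin) ? 'full' : 'read';
}

// The grouping the programmer meant, made explicit.
function accessIntended(bool $banned, bool $admin): string
{
    return $banned ? 'deny' : ($admin ? 'full' : 'read');
}

// The same decision without stacking: the deny case cannot be reinterpreted.
function accessExplicit(bool $banned, bool $admin): string
{
    if ($banned) {
        return 'deny';
    }
    return $admin ? 'full' : 'read';
}

// Print all four input combinations side by side.
$cases = [[true, false], [true, true], [false, true], [false, false]];
foreach ($cases as [$banned, $admin]) {
    printf(
        "banned=%s admin=%s left-grouped=%s intended=%s explicit=%s\n",
        var_export($banned, true),
        var_export($admin, true),
        accessLeftGrouped($banned, $admin),
        accessIntended($banned, $admin),
        accessExplicit($banned, $admin)
    );
}
```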
As for incrementing and decrementing operators, you can code $id1++ when you meant ++$id1. Similarly, you can code $id1-- when you meant --$id1. Be conscious of which form you are using, because the value returned differs between the two.
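How the prefix/postfix mix-up turns into an off-by-one in a security check, as an added example that is not from the original article. MAX_FAILURES, the lockout policy and the function names are hypothetical.

```php
<?php
// Assumed policy for this example: lock the account on the 3rd failed login.
const MAX_FAILURES = 3;

// Records one failed login and reports whether the account is now locked.
// Prefix form: the comparison sees the count including this failure.
function recordFailurePrefix(int &$failures): bool
{
    return ++$failures >= MAX_FAILURES;
}

// Postfix form: the comparison sees the count before this failure,
// so the lock triggers one failed login later than the policy says.
function recordFailurePostfix(int &$failures): bool
{
    return $failures++ >= MAX_FAILURES;
}

// Counts how many failed logins it takes until $record reports a lock.
// The cap of 100 only guards against an endless loop in the demonstration.
function failuresUntilLocked(callable $record): int
{
    $failures = 0;
    $attempt = 0;
    do {
        $attempt++;
    } while (!$record($failures) && $attempt < 100);
    return $attempt;
}

printf(
    "prefix locks on failure %d, postfix locks on failure %d\n",
    failuresUntilLocked('recordFailurePrefix'),
    failuresUntilLocked('recordFailurePostfix')
);
```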
That is it for this part of the series. We stop here and continue in the next part.
Chrys