@@juanmalpartida1333 You say that like If this was some old obscure language. But there are tons of people using it now days for things like WordPress and Laravel
I'm fairly new to getting back into C (did some Java stuff back in 2009-2012 but switched to hardware) And even I'm this question. But tbh I need to get better at C# (unity) and learn Python because that's where my potential career path lies.. But I wanna finish making a video game first lmfao
Actually it's a way to call a variable... Variable names can contain variables if you write them with curly braces like $bar = 'crazy'; ${"foo".$bar} = "PHPlol"; Echo $foocrazy; // will output PHPlol And even more weird but useful stuff if you don't use unfiltered user input in the name of the variable. Oh, and part of this stuff works to call functions too !
@@spacewargamer4181 I mean if your job is to fix that and you get paid to do so to sit there for 8 hours and try and figure it out and after those 8 hrs you get to go home do you really care about the task at that point
@@spacewargamer4181 Ok, maybe my point didnt come across clear. What Im trying to say is that as long as you get paid fairly why care about the work you are given. does that make sense?
Frameworks like Laravel puts you to the right path of lord of code by giving you a concrete way to do your stuff. So is not PHP, is the way you use it and organize your code.
Been a few years since I was a PHP dev, but I seem to recall that these so-called "variable variables" were universally loathed by the community and their usage considered to be pretty much unforgivable, for pretty obvious reasons.
for commenters: no, its not a pointer mechanism, but lexical scope lookup, that is common for dynamic langs. in python you would do this by locals()[bar], for example
This also possible in Python and other languages. Although Python you have to explicitly say globals()[variable]. Dynamic variables. It’s a type of reflection, also note - it’s not really used in PHP by developers. Just like it’s not really used in most other languages. But yes, this is a thing in many languages. Even can be emulated in JavaScript.
Genuinely almost all programming languages have a way of doing this. So what you're saying is that all programming languages suck, because the programmer can write garbage code.
I don't know my dude it kinda reminds me of a board with a nail sticking out on a walk path. Overwhelming feeling to get rid of it knowing that's gonna hurt if I step on it.
To all the people saying this is a pointer, it's not. In fact based on the experiments I did with it, it's more similar to javascript objects than anything else. That is, `${...}` in PHP is similar to `window[...]` in javascript. A *pointer* is a variable that stores a memory address. A pointer can be _dereferenced_ to extract a value from its address, and it can have _arithmetic_ done on it to derive a new offset pointer. For example, if you have a pointer named `buffer`, you can make another pointer `bufferptr`, use the second pointer to "walk" the memory pointed to by `buffer`, and then return `bufferptr - buffer` to get the length of the data stored in `buffer` via `bufferptr`. Or, you can take a pointer like `string`, add to it `token = string + 5`, and `token` will hold a substring. I see where some people would be confused, because $$variable does _look_ like a pointer dereference, but it's not. It's a key lookup. A *reference* is similar to a pointer, but different. A reference is a variable that mirrors a value. References can be implemented with pointers, but they are not themselves pointers, because references cannot be manually dereferenced or have arithmetic done on them. In languages that have references, technically everything is a reference. For example, in JavaScript, `let foo = 5` creates a reference named `foo` to the value 5. Modifying foo is actually creating a new Number object with the new value and setting foo to be a reference to the new object. The old object, without any living references to it, is eventually garbage-collected. if you then do `let bar = foo`, even though bar is also a reference to 5, foo and bar are not referencing the same object. Since `5` is an instance of a primitive type, it's copied every time it's stored. So modifying foo will not also modify bar. Numbers, strings and booleans are primitive values. Then you have objects and arrays, which are created in memory and then a reference is stored. If you do `a = [1,2,3]; b = a`, then a and b are actually both references to the same array. Modifying one modifies the other. This can get confusing, because JavaScript also has == and === for comparing. === was added later on because of Javascript's fucked up type system. == does a value compare, but will coerce types to make the comparison, which leads to silly results like `[] == false` being true. === is different in that it first checks the types of its operands and will automatically yield false if the types are too different to be compared without duck typing. But then you can also have surprising results, like `a = 5; b = 5; a === b` is true, while `a = []; b = []; a == b` is false, while `a = []; b = a; a === b` is true. That's because for objects that are passed by-reference, such as arrays, the identity is compared rather than the value. You can have two arrays that are completely identical in their contents, but if they are not references to the same array, then they will have different identities and therefore compare unequal. Strings are primitive, so they *are* compared by-value, but the fact that arrays cannot be compared with == or === can seriously trip programmers up. Though JavaScript is just a notoriously difficult language to debug to begin with. Why do you think there's such a huge push to move to TypeScript and WASM? You might hear of terms such as pass-by-value and pass-by-reference. C is 100% pass-by-value, which is why pointers are so necessary. JavaScript, on the other hand, is pass-by-sharing. Which is essentially what I described above wherein you have primitive types that are passed by-value (copied) and non-primitive values that are passed by-reference (mirrored). Pass-by-sharing is pretty common in managed languages. Though most languages tend to give you more explicit control over references, so in C# for example, you _can_ make a reference to an int. You can even use pointers in C#, though they're disabled by default and are locked behind the `unsafe` keyword (meaning you have to declare within an unsafe{...} scope and turn on a specific compiler switch if you want to use pointers at all). Every language is different and it's good to look into those things and test the basic mechanics to make sure they work as you think they do. It's worth having that deeper understanding.
@@georgplaz YOu know ppl in RL who you always have to ask? Annoying AF. Same like "you know what happen ..." or "whats the matter?" "nothing" -.- Just say it ffs :D --- Saying something without really telling something is useless. =)
0:30 I agree in general PHP is a simple easy language, thus fun. But your example is the kind of code how you get injection. It needs to have lots of checks around it.
@@king_james_official it's called a variable variable, some other languages have ways of doing this as well. I can see the overlap with a pointer, but since you're not storing a memory address it isn't one, and you don't get all the functionality of a pointer as a result. Personally I can't even think of a use case where you'd want to use this.
It really gets fun when you use variable variable names to create variables. Have an empty string, use that as a variable name and you've got an "unnamed" variable. Thankfully no one does that. I've never seen variable names in practice anyway.
Double quotes are interpolated, while singles are not. There was no reason to mix them in this video. Also, double $ is forbidden in the professional world. I agree, though. PHP is a fun language. Every language is a fun language if you're learning and growing. Best.
I wouldn't say it's forbidden, you just _really_ have to know what you're doing. As it stands I'm struggling to find a use case for it, ngl. I do use things like _new $someClassName_ but variable variables are just something I can't find a use for.
old grummer words passing to new generation from 2000, it has been an inside joke but people tend to be innocent with their lack of infomations... PHP sucks, and It still be taken a place inside me.
@@aboshxm2416 5 years of PHP, never typed $ by mistake while accessing an object property. Btw any decent IDE will highlight dynamic property access with a specific color.
@@aboshxm2416 like I've been working with PHP for 8 years and I've never accidentally double $$-ed. Any IDE also highlights this occurrence differently than normal variables. This is such a dumb argument that I'm doubting that you're even a programmer.
I didn't know you can do this more than once but the ability to reference anything in php is what I'm missing in a lot of languages. Php can parse itself, it's marvellous. You can have a piece of code that says "if I am inside a method then print the first 3 lines off my class code, whatever they are"...marvellous
@@AJD... what the fuck are you even talking about? Man I swear, some of you people are just throwing words around without having a clue about what they mean. How does calling a variable from a string value cause any of the vulnerabilities you just mentioned?
You will most likely never run into such a problem if you stick to good structured programming and good practices. This is just anecdotal, I have never found it to be a problem.
PHP is really nice programming language, it’s really easy to adapt also easy to search knowledgebase. BUT easy is weakness for PHP. When beginner make code, debug will be nigthmare.
fun fact, when you recieve requests to php, you can not have some charcaters in it, for example . because of a feature that was depricated 10 years ago... and you access it using a string.
It seems like now that there is v8.0, v8.1 and soon 8.2 and it implements some stuff out of othe languages it becomes popular again. Love that language to bits. Was my first i learned at 14 years
Or you write super low level php library, which require this feature for flexibility and you care about all potential vulnerabilities connected to this)
