
the construct $$

Posted: Tue Apr 24, 2007 9:24 pm
by Curt
Jcart | Please use the code and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: Posting Code in the Forums (http://forums.devnetwork.net/viewtopic.php?t=21171) to learn how to do it too.


Hi,

I have been using the construct, $$var, in my web page FORMS to pass arrays of form input, NAME, to my php script for processing. I haven't found any reference to this in books or searching. My question is, Is there anything inherently faulty or risky with using $$? I'm not very skilled in php, but sometimes get something useful done....thanks in advance

Below I show some code snippets of how I'm using it to pass a list of form input NAMEs corresponding to the VALUEs (file names in my application)

In the php script that gets the form data I have:
......

Code:

// $numberf is the number of file names being passed from the form
for ( $count = 1; $count <= $numberf ; $count++){

    $file_number = 'fil' . $count; // i.e., forming an array of values like: fil1, fil2, fil3, etc, as the loop progresses.

    // then I use the construct:
    $file_array[$count]=$$file_number;

}
in order to establish the array, $file_array[ ], whose values are those "pointed to" (indexed) by the list: fil1, fil2, fil3, etc. (the result is passing an array of file names from the form)

A similar loop was used to form the above list in the web page for NAME in the form INPUT; VALUE was a list of file names corresponding to the form input NAMES, as shown below.

.......

Code:

// $nfiles is the number of files

echo "<table>";

echo "<form method=\"POST\" name=\"iamform\" action=\"file_delete.php\">";
echo "<INPUT TYPE=\"hidden\" NAME=\"numfiles\" VALUE=\"$nfiles\">";

for ( $count = 1; $count <= $nfiles ; $count++) {
    $file_num = 'fil' . $count;

    echo "<tr>";
    echo "<td colspan='2' >";

    echo "$filelist[$count]</td>";
    $onefile = "$filelist[$count]";

    echo "<td colspan='2' >";

    echo "<INPUT TYPE=\"hidden\" NAME= \"$file_num\"  VALUE=\"$onefile\">";
.....
Thanks,
Curt


Posted: Tue Apr 24, 2007 11:05 pm
by alex.barylski
Not really risky, but it depends on how it's used, as you already know it simply returns the namespace label of the variable.

IMHO it's bad practice, and is one of those things that people who are limited to just PHP often implement and/or use. There are many practices that PHP developers employ which I consider "bad" and this is one of them.

I could go on forever, but I'll save that for a blog. :P

In essence, it's fine, if you're comfortable using it and are careful of its use.

One argument I would use against its use is its PHP implicit-ness. Many times, we as developers are roped into projects which we are not primarily concerned with and have to struggle with adjusting the code.

Someone with a background in C/C++ would normally understand PHP syntax enough to get things done, but seeing something like $$variable would likely cause confusion and delay in development.

Unless you know it's called a "variable variable" good luck finding that immediately and discovering its purpose. You'd likely have to ask in a forum and wait for a reply from someone - which isn't bad, but a PITA when a deadline is looming.

Cheers :)

Posted: Wed Apr 25, 2007 8:58 am
by Zu
As Hockey said, I would consider it a bad practice. The main reason is that it is not inherently clear what it does at first - it needs snooping around in the code.

If you do use it, make sure you document it well.

Re: the construct $$

Posted: Wed Apr 25, 2007 9:51 am
by timvw
Curt wrote: I have been using the construct, $$var, in my web page FORMS to pass arrays of form input, NAME, to my php script for processing. I haven't found any reference to this in books or searching. My question is, Is there anything inherently faulty or risky with using $$? I'm not very skilled in php, but sometimes get something useful done....thanks in advance
You can find more info in the manual under the section 'variable variables', more exotic variants are ${$somethingvar . 'somethingfixed'}...

The problem with variable variables is that they can easily infect your scope with unsecured/unverified data...

thanks for help with $$

Posted: Wed Apr 25, 2007 6:01 pm
by Curt
Thanks very much fellows ! That is exactly the kind of info I was looking for.

Also was helpful to know that this is called variable variable....I can search on this. (as a side note, I learned that there are apparently no web search services in which you can do a partial word, or wild card, search -- like on $$)

Curt

Posted: Thu Apr 26, 2007 2:53 am
by onion2k
Your script looks like it relies on register_globals. I can't be certain.. but if it does you should probably sort that out.

register_globals

Posted: Thu Apr 26, 2007 10:25 am
by Curt
..thanks for pointing this out, did some research on register_globals

Sounds like to be safe, I should leave register_globals turned off (as I understand is the default since PHP 4.2.0) and always initialize variables ...right ?
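
Added example, not part of the thread: timvw's point about variable variables bringing unverified data into scope and onion2k's register_globals remark, shown next to reading the same form fields explicitly from the request array. The function names and the sample `$post` array are constructed for illustration; a real script would pass `$_POST`.

```php
<?php
// Constructed stand-in for a submitted form (assumption, not data from the thread).
$post = [
    'numfiles' => '3',
    'fil1'     => 'report.txt',
    'fil2'     => '../config.php',   // contains a path component: must be rejected
    'fil3'     => 'notes.txt',
    'allowed'  => '1',               // a field the form never defined
];

// Hazard: copying request keys into scope with $$ lets any field name
// replace a local variable, which is what register_globals did globally.
function import_with_variable_variables(array $post): bool
{
    $allowed = false;                // security-relevant local
    foreach ($post as $name => $value) {
        $$name = $value;             // the 'allowed' field overwrites $allowed
    }
    return (bool) $allowed;
}

// Safer: read only the expected keys from the request array and validate each one.
function collect_file_names(array $post, int $max = 100): array
{
    $n = filter_var($post['numfiles'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0, 'max_range' => $max]]);
    if ($n === false) {
        return [];                   // missing or out-of-range count
    }
    $files = [];
    for ($i = 1; $i <= $n; $i++) {
        $value = $post['fil' . $i] ?? null;
        // Accept plain file names only: no directory separators, no leading dot.
        if (is_string($value) && preg_match('/^[A-Za-z0-9_][A-Za-z0-9._-]*$/', $value)) {
            $files[$i] = $value;
        }
    }
    return $files;
}

var_dump(import_with_variable_variables($post));
print_r(collect_file_names($post));
```

The second function needs neither `$$` nor register_globals, and nothing from the request reaches a variable the script did not name itself.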