PHP Programming

Dynamic Variable Names in PHP

January 31, 2011

Anyone who has spent a large amount of time programming in PHP has probably used it’s dynamic variable name feature at least once. For those of you who are unfamiliar with it’s usages I will give a quick example:

foreach($_POST as $i=>$p) {
  ${$i} = myreal_escape_string($p);
}

The above is a method I often use to make sure that all POST or GET variables are sanitized. Since I typically use a templating engine I can simply call this before loading my template files and their code. You may be wondering what else you could use this for, or why you’d ever need it, the truth is you probably hardly ever will. Beyond the example I just gave the only other time I’ve seen it in use was when I downloaded some open source code that had a few added features which required you to purchase them. Since the code was all there for me to read I was curious as to what the author did to stop users from just enabling the features themselves. What I discovered was the author had used several dynamic variable names to hide them in the code. In each reference of the variable a different algorithm was used to generate the same variable name, so if you tried to search the code for it you would never find a match. Eventually I did figure it out and was able to enable the features, but out of respect for the author I never did use them.

Only registered users can comment.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.