Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

What are the rules of string manipulation when using backticks (grave accents)?

In PHP when you write a set a variable equal to a string wrapped in grave accents, it gets executed as it would if it were inside a shell_exec() command. What does the grave accent symbol (`) ( not single quote) represent in PHP?

So, in php you can do all sorts of things to combine strings with variables, etc, what can I and can't I do when using ` instead of ' or " ?

like image 493
Kristian Avatar asked May 30 '12 18:05

Kristian


1 Answers

In the PHP, that character is called a backtick operator.

A literal string wrapped in backticks is a T_ENCAPSED_AND_WHITESPACE token. You can confirm this by running something like this:

print_r(token_get_all('<?php `uname`;'));

which gives you this:

Array
(
    [0] => Array
        (
            [0] => 367
            [1] => <?php 
            [2] => 1
        )

    [1] => `
    [2] => Array
        (
            [0] => 313
            [1] => uname
            [2] => 1
        )

    [3] => `
    [4] => ;
)

And then run token_name(313) which gives you T_ENCAPSED_AND_WHITESPACE.

To the parser, a string wrapped in backticks is equivalent to a string with variables in it like "hello $world". The literal/constant part of the string (the hello part) is T_ENCAPSED_AND_WHITESPACE.

So to answer your question, anything that you can do to a string that contains variables you can do to a string wrapped in backticks.

So why T_ENCAPSED_AND_WHITESPACE? Probably, because like a string containing variables, it's value is determined at runtime. Whereas a T_CONSTANT_ENCAPSED_STRING (a normal literal string) is kind of like a constant in the eyes of the parser.

like image 177
jnrbsn Avatar answered Sep 18 '22 08:09

jnrbsn