Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

What is "Greedy Token Parsing"?

What is Greedy Token Parsing in PHP? I was reading a PHP coding guide which said the following...

"Always use single quoted strings unless you need variables parsed, and in cases where you do need variables parsed, use braces to prevent greedy token parsing. You may also use double-quoted strings if the string contains single quotes, so you do not have to use escape characters."

Is this using curly braces around my variables some sort of security process to rule out hacking? (E.g. {$var}) Is greedy token parsing some sort of attack that hackers can use, like SQL injection or XSS (Cross Site Scriptiong

like image 857
Jacob Haug Avatar asked Jul 29 '11 19:07

Jacob Haug


1 Answers

Suppose you want the character "a" to immediately follow the value contained in variable $var. If you write "$vara", that's not going to work because you don't have a variable $vara. The parser is greedy--it assumes that everything following $ should be included if it's legal syntax to include it. "${var}a" prevents that.

like image 136
Ted Hopp Avatar answered Oct 03 '22 09:10

Ted Hopp