Write For Us
php
string
arrays
key
bare

Is there any legitimate use for bare strings in PHP?

Viewed   57 times

This question got me thinking about bare strings.

When PHP sees a string that's not enclosed in quotes, it first checks to see if it's a constant. If not, it just assumes it's a string and goes on anyway. So for example if I have

echo $foo[bar];

If there's a constant called bar it uses that for the array key, but if not then it treats bar as a bare string, so it behaves just like

echo $foo["bar"];

This can cause all kinds of problems if at some future date a constant is added with the same name.

My question is, is there any situation in which it actually makes sense to use a bare string?

 Answers

5

Nope, I can not see a single instance where it would make sense, and it always is dangerous. Using strings without quotes should absolutely be reserved to address constants. I don't understand how the inventors of PHP could decide to introduce this ridiculous behaviour at all - it makes the proper use of constants almost impossible (because if you try to access a constant that has not been defined, PHP will silently and stupidly generate a string) without giving any benefit.

Monday, August 15, 2022
 
tariq_asp.net
 
tariq_asp.net
3 
<?php
$trans = array("a" => 1, "b" => 1, "c" => 2);
$trans = array_flip($trans);
print_r($trans);
?>

http://www.php.net/manual/en/function.array-flip.php

Using array_search http://php.net/manual/en/function.array-search.php

<?php
$array = array(0 => 'blue', 1 => 'red', 2 => 'green', 3 => 'red');

$key = array_search('green', $array); // $key = 2;
$key = array_search('red', $array);   // $key = 1;
?>
Thursday, September 22, 2022
 
new
 
new
4

If you don't mind using regex ...

$str = "key=value, key2=value2";
preg_match_all("/([^,= ]+)=([^,= ]+)/", $str, $r); 
$result = array_combine($r[1], $r[2]);
var_dump($result);
Saturday, October 8, 2022
 
thomas_walpole
 
thomas_walpole
5

As pointed out in the other answer, RDRAND is seeded with true randomness. In particular, it frequently reseeds its internal CSPRNG with 128 bits of hardware-generated randomness, guaranteeing a reseed at least once every 511 * 128 bits. See section 4.2.5 of this doc:

https://software.intel.com/en-us/articles/intel-digital-random-number-generator-drng-software-implementation-guide

So in your examples, you used a single 128-bit seed to generate 10 million random draws from rabbit_extract. In the RDRAND version, you had the equivalent of 2.5 million 128-bit draws, meaning that the CSPRING was reseeded at least 2,500,000/511 = 4,892 times.

So instead of 128 bits of entropy going into your rabbit example, there were at least 4,892*128 = 626,176 bits of entropy going into the RDRAND example.

That's much, much more entropy than you're going to get in 0.361 seconds without hardware support. That could matter if you're doing stuff where lots of real randomness is important. One example is Shamir secret sharing of large quantities of data -- not sure if there are others.

So in conclusion -- it's not for speed, it's for high security. The question of whether it's backdoored is troubling, of course, but you can always XOR it with other sources, and at the very least it's not hurting you.

Thursday, October 6, 2022
 
staefi
 
staefi
1

I've used them, although I'd never heard the term code cave until today. The Wiktionary definition suggests that a code cave is something the cracker finds in the executable he or she is attempting to crack. The question you cite doesn't use it that way. Instead, it suggests the code cave is being allocated with VirtualAllocEx to create a brand new block of memory in the target process. That removes the need to search for unused space in the target, and it guarantees you'll have enough space to put all your new code.

Ultimately, I think a "code cave" is just a place to store run-time-generated code. There doesn't have to be any nefarious purpose to that code. And at that point, the question of what a code cave is becomes entirely uninteresting. The interesting parts are what reasons there are for generating code at run time, and what techniques there are for making sure that new code gets run when you want it.

Tuesday, September 27, 2022
 
ethnix
 
ethnix
Only authorized users can answer the search term. Please sign in first, or register a free account.
Not the answer you're looking for? Browse other questions tagged :
php
string
arrays
key
bare
 
Share
Related Answers
75
 Is there any difference between β€œand” and β€œ&&” operators in PHP?
64
 Is there any way to show, or throw, a PHP warning?
60
 What should I use for user authentication in PHP?
180
 Is there a way to read Doc files in PHP similar to Docx?
88
 Is there a static way to throw exception in php
73
 Is there any way to achieve multiple inheritance in php?
47
 method for comparing strings in php
198
 Is there a difference between Object and Models in PHP/CodeIgniter?
70
 Is there a way to extend a trait in PHP?
54
 Is it good to use filter_var with htmlentities in PHP?
Top Answers Related To

php,string,arrays,key,bare

101
 PHP String to Float
89
 Structure of a Serialized PHP string
106
 PHP String Manipulation: Extract hrefs
98
 How can I get the last 7 characters of a PHP string?
80
 php string number concatenation messed up
77
 Create Carriage Return in PHP String?
62
 how to remove new lines and returns from php string?
211
 php string variables in gettext
55
 Remove everything up to and including character in PHP string
62
 Passing Javascript String into php String
Write For Us · Blog · Privacy · Faqs · Terms of Use · Contact us ·