PHP string interpolation syntax - php

I tried to do redirect with this syntax:
header("location: readMore.php?id=$post['post_id']");
But it didn't work. It worked only after someone suggested to put curly brackets around $post['post_id']!
The correct syntax is:
header("location: readMore.php?id={$post['post_id']}");
What does the curly brackets do in this case?

Quoting the manual:
When a string is specified in double quotes or with heredoc, variables are parsed within it.
There are two types of syntax: a simple one and a complex one. The simple syntax is the most common and convenient. It provides a way to embed a variable, an array value, or an object property in a string with a minimum of effort.
The complex syntax can be recognised by the curly braces surrounding the expression.
Your first code uses simple syntax, and your second code uses a complex one.
The manual does not explicitly state this, but whitespace in simple syntax seems to be an error, rendering your first code invalid. Complex syntax appears to support the same syntax as regular PHP does as far as I can see, but again this does not seem to be actually guaranteed anywhere.
String interpolation is quite flunky in general:
$a = [['derp']];
$b = $a[0];
// Works. It prints derp
echo "$b[0]";
// Doesn't work. It throws an error
echo "$b[ 0 ]";
// Works. It prints derp
echo "{$b[ 0 ]}";
// Doesn't work. It prints Array[0]
echo "$a[0][0]";
// Works. It prints derp
echo "{$a[0][0]}";
// Doesn't work. It prints { Array[0] }
echo "{ $a[0][0] }";
You get similar issues with $object -> foo and $object->foo->bar.
To me, that is pure madness. For that reason I've come to avoid double quoted strings whenever possible (the only thing I used them for are for escape sequences like "\n"). I instead use single quotes and string concatenation, like so:
header( 'location: readMore.php?id=' . $post[ 'post_id' ] );
This lets you use actual PHP syntax for variables without the horrible death trap that is string interpolation.

I came to this question to know more about constant interpolation syntax when those PHP "<<<" things are used to create multiline strings called Heredocs (which allow variable interpolation, unlike Nowdocs).
However, it seems there is no specific syntax for them, and therefore a simple workaround is to create a closure to do so. In here it is just an anonymous function assigned to a variable that will be invoked with parameters:
$int = 'intruder'; // Variable
define('con', '"smart"'); // Constant
// For complex interpolation:
// 1. Define a closure (anonymous function)
// 2. Assign it to a variable with a short name (e.g.: _ )
// 3. Invoke the function by calling the variable with parameters enclosed in ()
$_ = function ($val){return $val;};
$doc = <<<TXT
Hi there,
One day I caught this $int nearby.
I was then told that actually other {$_(con)} $int was there before.
So who came first, the chicken or the egg?
TXT; // Heredoc
echo $doc;
Output:
Hi there,
One day I caught this intruder nearby.
I was then told that actually other "smart" intruder was there before.
So who came first, the chicken or the egg?
You can test the above online on 3v4l. This was based on this answer with a few more examples with operations inside the interpolation brackets.

When you use double or single quotes, PHP will treat whatever is in it as a string unless you tell it that it’s a variable. PHP understands anything after { followed by $ as a variable and treats it as such. Here is an example:
$Text = "XYz";
echo "name-{$Text}";
The other alternative method is to use concatenation. Here is an example:
header("location: readMore.php?id=" . $post['post_id']);

Brackets allow PHP to read what's inside as a variable. You can do that this way too:
header("location: readMore.php?id=" . $post['post_id']);

PHP's simple string interpolation doesn't recognize quoted array keys, which your example demonstrates perfectly. In fact, the correct way to write this is exactly opposite depending on which syntax used: simple vs complex.
Simple syntax - Wrong
Quoted keys cannot be parsed.
header("location: readMore.php?id=$post['post_id']");
Simple syntax - Right
The unquoted string is the associative array key.
header("location: readMore.php?id=$post[post_id]");
Complex syntax - Wrong
It will work, but only if post_id is a defined constant. If not, you'll get a PHP warning.
header("location: readMore.php?id={$post[post_id]}");
Complex syntax - Right
Written just like outside the string.
header("location: readMore.php?id={$post['post_id']}");
To quote the manual on the complex syntax:
// Works, quoted keys only work using the curly brace syntax
echo "This works: {$arr['key']}";
I'd recommend using complex (curly brace) syntax if using quoted keys. And you really should be using them, because outside the string interpolation unquoted keys are actually constants. It's too bad the simple syntax won't allow them, because it makes code reviews and updating old PHP code more difficult.

Related

Is there any way to use function in PHP double quote string?

In JavaScript , you can do this:
const str = `${capitalize(name)} is cool.`;
Can you do the same with PHP double quote string?
Especially if the function is not a method of some instance (not calling a function pointer from variable)
This does not seem to work:
$str = "ucfirst($faker->word) $faker->buildingNumber";
No, sorry, there's nothing like that built into PHP.
The Strings documentation describes the kinds of substitutions that are done inside double-quoted strings and heredocs.
When a string is specified in double quotes or with heredoc, variables are parsed within it.
There are two types of syntax: a simple one and a complex one. The simple syntax is the most common and convenient. It provides a way to embed a variable, an array value, or an object property in a string with a minimum of effort.
The complex syntax can be recognised by the curly braces surrounding the expression.
...
Complex syntax
Any scalar variable, array element or object property with a string representation can be included via this syntax.
Neither the simple nor complex syntax can be used to include a function call.

How to stop PHP from assuming string contains variable

I've been trying to find solution somewhere for this possibly simple fix but, I haven't been able to surprisingly.
How is it possible to stop PHP from assuming a variable is a part of a string. E.g.
The line of code is $string = "slfnnwnfkw49828323$dgjkt^7ktlskegjejke";
how do you stop PHP from thinking '$dgjkt' is a variable within the string when it's really a part of the full string as characters. Thanks
Use this string like $sting = 'slfnnwnfkw49828323$dgjkt^7ktlskegjejke'
You have to use ' instead of " otherwise php tries to find any variables inside your string
Read the manual.
The most important feature of double-quoted strings is the fact that
variable names will be expanded. See string parsing for details:
When a string is specified in double quotes or with heredoc, variables are parsed within it.
There are two types of syntax: a simple one and a complex one. The
simple syntax is the most common and convenient. It provides a way to
embed a variable, an array value, or an object property in a string
with a minimum of effort.
The complex syntax can be recognised by the curly braces surrounding
the expression.

PHP basic - array\objects

I'm doing a basic quiz . I don't understand the last part:
$_SESSION["x{$user['serial']}"]
What exactly does x{5} array value mean?
x isn't defined anywhere, and in general object literals should be like {x: 5} – some help with this would be great.
session_start();
function setData($data){
if(is_array($data)){
$x = 1;
foreach ($data as $key => $value) {
$_SESSION["x$value"] = $x;
$x++;
}
}
}
$user = array('id'=>3,'serial'=>5);
setData($user);
echo $_SESSION["x{$user['serial']}"];
The curly brackets is used for expanding complex expressions inside double-quote strings, like arrays.
So, in your example, x{$user['serial']} will expand to "x5". You can also write x$value as x{$value}, both with the same result.
BTW that object literal is for Javascript, not PHP :)
You can't access (all kinds of) arrays in a double quoted string.
For instance:
echo "x$user['serial']";
This results in:
PHP Parse error: syntax error, unexpected '' (T_ENCAPSED_AND_WHITESPACE), expecting identifier (T_STRING) or variable (T_VARIABLE) or number (T_NUM_STRING) in php shell code on line 1
In other words, access array elements in an indexed array ("$user[0]") works, but accessing associative elements with a string literal doesn't.
doesn't work because it is too complicated to parse. By using accolades, you say the part should be interpreted separately.
So:
echo "x{$user['serial']}";
is equivalent to:
echo "x".$user['serial'];
The resulting code is thus:
echo $_SESSION["x".$user['serial']];
But more simple.
Given your sample $user, the result is that you access x5 from $_SESSION.
It is not x{5} because it doesn't mean anything. The expression:
"x{$user['serial']}"
is a string enclosed in double quotes. Inside strings enclosed in double quotes, PHP does what in other languages is called "variables interpolation". In plain English, it searches for variable names and replaces them with their values.
It can easily recognize variable names in strings and replace them but the things become more difficult when you want to use more complex expressions like arrays or objects. It could try to guess what the programmer wants but this is not a solution.
That's why PHP finds only simple variables inside the double quotes and relies on the programmer to signal when they want to insert complex things like arrays and objects. And the programmer uses curly braces ({ and }) to tell PHP about the complex expressions inserted in strings.
Check the documentation about string parsing on PHP manual.
Without using the curly braces, in the string "x$user['serial']" PHP recognizes the variable $user and ignores the ['serial'] part. It attempts to replace $user with its string representation and because it is an array, the final string becomes "xArray['serial']" and that is not what you want.
Using curly braces allows the programmer to write something like "x{$user[$field]}" given the variable $field was initialized forehand with the string 'serial'.
If $user['serial'] == 5 then the final outcome is $_SESSION["x5"].
Curly braces can always be used to enclose the variable names in double quoted strings. They are useful, for example, in this situation:
$sep = '--';
$str = "a{$sep}b";
// echo($str) will produce: a--b
Without curly braces around the variable $sep, the string looks like "a$sepb", PHP finds inside it the variable name $sepb and because no such variable exists, the value of $str becomes "a" and this is not what we intended.

PHP string concat without the "dot" operator

I'm working to integrate a plug-in into a PHP web application, and one line of the code puzzles me:
$sql = "update inventory set qtyleft='$qtyleft',price='$price',sales=sales+'$sales',qtysold=qtysold+'$qtysold' where id='$id'";
mysql_query($sql);
where $qtyleft, $price, $sales, $qtysold and $id are all variables.
I'm not very familiar with PHP, but I always thought string concatenation in PHP is done by using the . operator and it seems to me that the code above is just a long string without actually putting those variables to the SQL query. Is that the case?
In PHP, double quote (") delimited strings will evaluate variables in them.
$foo = 42;
echo "The answer for everything is $foo"; // The answer for everything is 42
This specific example is very bad because you shouldn't include variables directly in an SQL query, and shouldn't use mysql_query in new code.
See more:
Why shouldn't I use mysql_* functions in PHP?
How can I prevent SQL injection in PHP?
See Variable Parsing section of the Strings manual page.
When a string is specified in double quotes or with heredoc, variables are parsed within it.
If you use single quotes for a string, the variables will not be interpolated. If you use double quotes, they will be.
The code you mentioned will work in PHP without any issues. Please refer PHP Manual for more details.
Other issue that you might need to look forward is the function mysql_query is depreciate. Please refer here. Which gives me a feeling that the plugin you are going to is use not maintained correctly. And one more problem is, its not a good practice to pass the variable directly in the SQL query do to possible security issues
Some call it "variable interpolation". It is explained on the Variable parsing section of the manual page about strings. It helps to read the entire page and also the user comments.
The basic idea is that for strings enclosed in quotes (") and on heredoc blocks, PHP searches for variables inside the string when it needs to use it and replaces them with their values at the moment of the execution. This means the same string can render to different values in different moments of the script's execution.
This is just syntactic sugar, it doesn't change the way the code behaves and any string that contains variables inside can be rewritten using the string concatenation operator (.). Usually this syntax produces shorter source code. Sometimes the code is easier to read this way, other times it is harder because the complex expressions (array access, f.e.) need to be enclosed in curly braces ({ and }) inside the string.

Better way to make PHP echo a variable followed by square brackets?

I want PHP to echo a string stored in a variable, immediately followed by a set of square brackets containing some other text. This goes into a form that will be sent back to PHP, so PHP needs to be able to interpret the output of this command as an array item.
Here are the methods I've tried:
$var='string';
echo "string[0]" //works, but only because the variable isn't used
echo "$var[0]"; //PHP tries to treat the string as an array
echo "$var\[0]"; //the slash gets echoed
echo "$var[0\]"; //syntax error
echo "$var"."[0]"; //this is what I'm using now. It's very ugly and I want an alternative
Is there any way to make this work without breaking the string into chunks and concatenating them?
Here are the top-two ways I can think of to do this in a single output statement, the one you choose will end up being what fits your personal preference the most (and there are probably others available as well):
printf('%s[0]', $var);
echo $var . '[0]';
You can use the curly brace syntax. From the PHP manual documentation on Strings:
Any scalar variable, array element or object property with a string representation can be included via this syntax. Simply write the expression the same way as it would appear outside the string, and then wrap it in { and }. Since { can not be escaped, this syntax will only be recognised when the $ immediately follows the {.
Surround the expression within curly braces (like so: {$var}), so PHP knows where the variable begins and ends.
$var = 'foo';
echo "{$var}[0]"; // => foo[0]
This way, you wouldn't have to worry even if the variable was a quoted array index like $var['foo'] either.
Make it explicit where the variable ends with curly brace syntax:
echo "{$var}[0]";

Categories