Broad Network


PHP Single Quoted String and Nowdoc

PHP String with Security Considerations - Part 2

Foreword: In this part of the series, I talk about PHP Single Quoted String and what is known as NowDoc.

By: Chrysanthus Date Published: 29 Oct 2018

Introduction

This is part 2 of my series, PHP String with Security Considerations. In this part of the series, I talk about PHP Single Quoted String and what is known as NowDoc. You should have read the previous part of the series before coming here, as this is the continuation.

A string is a series of characters. A Western European character occupies a space of 1 byte in the computer memory. A string literal is delimited by a pair of single quotes or a pair of double quotes. In this tutorial, we are concerned with single quoted strings.

Try the following code:

<?php

    $str = 'I like my job.';

    echo $str;

?>

String Access and Modification by Characters
The characters in a string are positioned like the elements of an array. You can access each character using its index in []. Remember, index counting begins from 0 (not 1). Try the following code:

<?php

    $str = 'I like what I see.';

    echo $str, '<br>';

    echo $str[7], '<br>';

    $str[7] = 't';

    echo $str;

?>

The output is:

    I like what I see.
    w
    I like that I see.

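The index is used just as with an array. You can use {} in place of [] here, but only on older PHP versions: the curly-brace form was deprecated in PHP 7.4 and removed in PHP 8.0. Try the following: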

<?php

    $str = 'I like what I see.';

    echo $str, '<br>';

    echo $str{7}, '<br>';

    $str{7} = "t";

    echo $str;

?>

The output is the same.

If you use negative indices (supported since PHP 7.1), you access characters from the back of the string. The last character has index -1, since index zero is already taken by the first position; the last-but-one character has index -2, the third-to-last character has index -3, and so on. Try the following code:

<?php


    $str = "I like what I see.";

    echo $str, '<br>';

    echo $str[-2], '<br>';

    $str[-2] = "t";

    echo $str;

?>

The output is:

    I like what I see.
    e
    I like what I set.

Using an index to access characters in a string has some issues. I will address that at the end of this series.
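Offset access has edge cases that are easier to see in code. The following is an added example, not part of the original tutorial: charAt() and withCharAt() are hypothetical helper names (not PHP built-ins) that check bounds before reading or writing, followed by two raw-offset cases run on constructed strings.

```php
<?php
// Added example: bounds-checked character access. charAt() and withCharAt()
// are hypothetical helper names, not PHP built-ins.

// Return the byte at $i (negative counts from the end), or null if out of range.
function charAt(string $s, int $i): ?string
{
    $len = strlen($s);
    if ($i < 0) {
        $i += $len;                      // -1 becomes the last position
    }
    return ($i >= 0 && $i < $len) ? $s[$i] : null;
}

// Return a copy of $s with position $i replaced by exactly one byte.
function withCharAt(string $s, int $i, string $c): string
{
    if (strlen($c) !== 1) {
        throw new InvalidArgumentException('replacement must be exactly one byte');
    }
    if (charAt($s, $i) === null) {
        throw new OutOfRangeException("offset $i is outside the string");
    }
    $s[$i] = $c;
    return $s;
}

$str = 'I like what I see.';             // the tutorial's sample string
var_dump(charAt($str, 7));
var_dump(charAt($str, -2));
var_dump(charAt($str, 50));              // out of range: null, no warning raised
var_dump(withCharAt($str, 7, 't'));

// Plain assignment past the end does not fail; PHP pads the gap with spaces.
$padded = 'abc';                         // constructed sample
$padded[6] = 'x';
var_dump($padded);

// Offsets address bytes, not characters. In UTF-8, "é" takes two bytes,
// so index 1 holds only the first byte of that character.
$utf8 = "h\u{00E9}llo";                  // constructed sample
var_dump(strlen($utf8), bin2hex($utf8[1]));
```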

Escaped Sequences
Escaped Sequences or Escaped Characters are special characters. A character here actually consists of two characters, with the first one being the backslash. Common escaped sequences and their meanings are:

        Sequence     Description        Note
        \t           horizontal tab     (HT, TAB)
        \v           vertical tab       (VT)
        \n           newline            (NL)
        \r           return             (CR)
        \f           form feed          (FF)
        \\           backslash
        \$           dollar sign
        \"           double-quote

Any of these special characters will have some effect in the program or be replaced by the single character it represents.

Within a single quoted string, if you want a single quote, use \' . If you want a double quote, just type the double quote, " . If you type \" you will get \" and not " , from within a single quoted string.

Note: the character, { or } cannot be escaped in a single quoted string.

Try the following code:

<?php

    $str1 = 'some text some\' text.';
    $str2 = 'some text some" text.';
    $str3 = 'some text some\" text.';
    $str4 = 'some text {some} text.';
    $str5 = 'some text \{some\} text.';

    echo $str1, '<br>';
    echo $str2, '<br>';
    echo $str3, '<br>';
    echo $str4, '<br>';
    echo $str5, '<br>';

?>

The output is:

    some text some' text.
    some text some" text.
    some text some\" text.
    some text {some} text.
    some text \{some\} text.

No Expansion of Variable
A variable within single quotes does not expand (is not replaced by) to its value. Try the following code:

<?php

    $tf = "twenty five";

    $str = 'I will give you $tf apples.';

    echo $str;

?>

The output is:

    I will give you $tf apples.

$tf has not expanded.

No Interpolation of Escaped Characters
No escaped character is replaced by a value or has any effect within single quotes, except \'.

No Variable Parsing
The word parsing means changing something towards the final result. Again, in this tutorial we are dealing with single quoted strings.

Simple Syntax
Simple syntax variables are scalar variables, keyed array variables and object property variables.

No simple syntax variable is parsed within a single quoted string. Try the following code:

<?php

    $juice = "orange";

    echo 'He drank some $juice juice.';

?>

The output is:

    He drank some $juice juice.

with the variable not changed to orange.

Complex Syntax
Simple syntax refers to scalar variables, keyed array variables and object property variables. Anything outside this is a complex variable, or curly variable.

No complex syntax variable is parsed within a single quoted string.

Nowdoc
Assume that you are typing in a text editor. If you want more than one consecutive space, you press the keyboard spacebar the corresponding number of times. If you want a newline, you press the Enter key. If you want a number of consecutive newlines, you press the Enter key the corresponding number of times. The result is an overall formatting with spaces and newlines.

PHP can send this overall formatting to the console or a text editor file, on condition that you use the nowdoc syntax. This would also send the overall formatting to the web page at the browser, but the web page would not display consecutive spaces and it would not display newlines. This is because the web page needs a number of "&nbsp;" for consecutive spaces and <br> for a new line.

The overall formatting can be seen in its entirety (all text) in the text editor page or the console.

Consider the following script:

<?php

    $str = <<<'EOF'
    some spaces    yes  space
a line and yes a line
    another line and         spaces
EOF;

    echo $str;

?>

The nowdoc syntax begins with <<<. This is followed by an identifier in single quotes, without $ and without a space after it. The Enter key is then pressed. Then you type the string content, giving any number of consecutive spaces you want and pressing the Enter key at the end of each line. The last line of the syntax is the same identifier, without the quotes, and it should be typed at the beginning of that line. Immediately after it you type a semicolon and then press the Enter key (no space before pressing the Enter key). So, the nowdoc string has an opening identifier and a closing identifier, which are the same, e.g. EOF above. You can choose any name you want for the identifier. The nowdoc string above is assigned to the variable, $str. Choose any name for this variable. The variable content can be printed to the console. Read and try the above code, if you have not already done so.

Note: All the interpolation rules (expansion and replacement of escape sequence with effect) mentioned above are applicable to nowdoc.
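The following added example (not part of the original tutorial) types the same characters into a single quoted string, a double quoted string and a nowdoc, and prints what each one actually stores. Besides \', a single quoted string also turns \\ into one backslash, while a nowdoc keeps every character exactly as typed. The sample text and the price pattern are constructed for illustration; the second half shows how a validation pattern changes meaning when it is moved from single to double quotes.

```php
<?php
// Added example: the same characters typed in three kinds of literal.
$tf = 'twenty five';                     // variable name taken from the tutorial

$single = 'Give $tf apples\n C:\\tmp \'ok\'';
$double = "Give $tf apples\n C:\\tmp \'ok\'";
$nowdoc = <<<'EOF'
Give $tf apples\n C:\\tmp \'ok\'
EOF;

$literals = ['single' => $single, 'double' => $double, 'nowdoc' => $nowdoc];
foreach ($literals as $kind => $s) {
    // Show a real line feed as <LF> so it cannot be confused with the
    // two characters backslash + n.
    printf("%-6s %2d bytes  %s\n", $kind, strlen($s), str_replace("\n", '<LF>', $s));
}

// Consequence for input validation (constructed pattern): accept one or more
// digits followed by a literal dollar sign.
$patternSingle = '/^\d+\$$/';            // reaches the regex engine unchanged
$patternDouble = "/^\d+\$$/";            // PHP turns \$ into $ before PCRE sees it

var_dump($patternSingle, $patternDouble);

foreach (['12$', '12'] as $input) {
    printf(
        "%-4s single quoted pattern: %d   double quoted pattern: %d\n",
        $input,
        preg_match($patternSingle, $input),
        preg_match($patternDouble, $input)
    );
}
```

Patterns, paths and other literals that contain $ or backslashes are safest in single quotes or nowdoc, where what you type is what the consuming function receives.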

That is it for this part of the series. We stop here and continue in the next part.

Chrys

