36

I have used PHP for a long time, but I just saw something like,

${  }

To be precise, I saw this in a PHP Mongo page:

$m = new Mongo("mongodb://${username}:${password}@host");

So, what does ${ } do? It is quite hard to search with Google or in the PHP documentation for characters like $, { and }.

TRiG
  • 10,148
  • 7
  • 57
  • 107
murvinlai
  • 48,919
  • 52
  • 129
  • 177
  • 1
    Its use is kind of pointless here though, `"mongodb://$username:$password@$host"` would work just as well. – Ja͢ck Mar 21 '13 at 13:44

5 Answers5

44

${ } (dollar sign curly bracket) is known as Simple syntax.

It provides a way to embed a variable, an array value, or an object property in a string with a minimum of effort.

If a dollar sign ($) is encountered, the parser will greedily take as many tokens as possible to form a valid variable name. Enclose the variable name in curly braces to explicitly specify the end of the name.

<?php
$juice = "apple";

echo "He drank some $juice juice.".PHP_EOL;
// Invalid. "s" is a valid character for a variable name, but the variable is $juice.
echo "He drank some juice made of $juices.";
// Valid. Explicitly specify the end of the variable name by enclosing it in braces:
echo "He drank some juice made of ${juice}s.";
?>

The above example will output:

He drank some apple juice.
He drank some juice made of .
He drank some juice made of apples.
celiker
  • 875
  • 7
  • 15
11

It's an embedded variable, so it knows where to stop looking for the end of the variable identifier.

${username} in a string means $username outside of a string. That way, it doesn't think $u is the variable identifier.

It's useful in cases like the URL that you gave, because then it doesn't need a space after the identifier.

See the php.net section about it.

Cyclone
  • 17,939
  • 45
  • 124
  • 193
  • 10
    e.g: `$a = 'blah'; echo "$abc";` will echo nothing since $abc is not set while `$a = 'blah'; echo "${a}bc";` will echo 'blahbc' – Bob Fincheimer Apr 06 '11 at 19:12
  • 3
    "Complex (curly) syntax" is documented here: http://www.php.net/manual/en/language.types.string.php#language.types.string.parsing.complex -- btw, the examples seem to prefer `{$username}` over `${username}` although both work in the simple case. – Frank Farmer Apr 06 '11 at 19:13
  • 1
    I'd avoid using it altogether, just put it into single quotes i.e. this is echo 'Hello, '.$world.', how are you?'; much faster than echo "Hello, {$world}, how are you?"; – Pavel Dubinin Apr 06 '11 at 19:27
  • See above, posted it too fast. – Pavel Dubinin Apr 06 '11 at 19:30
  • What about in situations like the given example of a URL? – Cyclone Apr 06 '11 at 19:32
  • What's the difference here? Just use this: $m = new Mongo('mongodb://'.$username.':'.$password.'@host'); – Pavel Dubinin Apr 06 '11 at 19:37
  • 3
    @PavelDubinin Readability. If you're optimizing your PHP to that level why not just write C? – Adrian Günter Jul 31 '15 at 20:26
  • At least in PHP 7 the double-quoted strings is not much slower than single-quoted. Sometimes even faster. See http://php.net/manual/en/language.types.string.php#120160 – Ruslan Stelmachenko Aug 29 '17 at 18:25
  • @AdrianGünter "if you're optimising your PHP to that level why not just write C" - because - strings; memory leaks; productivity ;) – Dave Amphlett Apr 20 '18 at 09:21
  • @DaveAmphlett yes, but *performance* would never make that list, which is my point. Also, when you sacrifice readability and create more work for yourself by avoiding interpolation you're compromising productivity. – Adrian Günter Apr 20 '18 at 17:09
  • 1
    AdrianGünter I agree @PavelDubinin 's example is awful and his point is actually invalid (in many cases complex syntax is twice as fast as string append - see: https://pastebin.com/TCKk4K6P ) but trying to establish a 'best practice' is important, and can help mitigate some of the speed cost of PHP – Dave Amphlett May 03 '18 at 14:08
  • 1
    @FrankFarmer The examples for `{$username}` are examples of complex syntax. The examples for `${username}` are examples of simple syntax. You are right that in the simple case they both work! – Matt Feb 07 '21 at 16:43
1

The PHP documentation provides only a brief description of this usage, and I also have only seen it in a malware sample.

From the documentation:

In order to use variable variables with arrays, you have to resolve an ambiguity problem. That is, if you write $$a[1] then the parser needs to know if you meant to use $a[1] as a variable, or if you wanted $$a as the variable and then the [1] index from that variable. The syntax for resolving this ambiguity is: ${$a[1]} for the first case and ${$a}[1] for the second.

raw-bin hood
  • 5,839
  • 6
  • 31
  • 45
0

I read everywhere about using the ${var_name} and {$var_name} inside of strings in order to delimit variables, but I recently came across this:

<?php
$zb8b5 = 419;
$GLOBALS['t91a5'] = Array();
global $t91a5;
$t91a5 = $GLOBALS;
${"\x47\x4c\x4fB\x41\x4c\x53"}['t112f6f9'] = "\x63\x5c\x76\x48\x36\x47\x43\x7b\x35\x7c\x27...";
.
.
.

I found the above code when fixing a hacked website.

Note the last line. Turns out it is also possible to use the ${} syntax to declare variables with odd names.

So you can do (weird) things like:

<?php
${"my_var"} = 'asdf';
var_dump($my_var);
${"other_var"}['a_pos'] = 'my value';
var_dump($other_var);
?>

Output:

string(4) "asdf"
array(1) {
  ["a_pos"]=>
  string(8) "my value"
}

It's really a bad practice, of course, unless you're trying to scramble your code, as these guys wanted to do.

raw-bin hood pointed out a reference to the use of ${} outside strings in the PHP documentation: https://www.php.net/manual/en/language.variables.variable.php

Alexandre Schmidt
  • 501
  • 7
  • 17
  • 1
    I have also seen this used in almost exact same malware source from: https://github.com/marcocesarato/PHP-Malware-Collection . In the obfuscators/globals.php file which is what led me here. Also, I think you forgot the variable name in the second example: var_dump($other_var); – raw-bin hood Jan 20 '22 at 01:22
  • Fixed the var_dump(). Thanks, raw-bin hood. – Alexandre Schmidt Jan 21 '22 at 02:18
  • 1
    I also found documentation on that usage here: https://www.php.net/manual/en/language.variables.variable.php . The explanation is brief but in the paragraph about half way down. – raw-bin hood Jan 22 '22 at 02:08
  • Excellent! I added your reference to the answer. – Alexandre Schmidt Jan 24 '22 at 18:23
0

${ } (dollar sign curly bracket) is known as Complex (curly) syntax.

This isn't called complex because the syntax is complex, but because it allows for the use of complex expressions.

Any scalar variable, array element or object property with a string representation can be included via this syntax. The expression is written the same way as it would appear outside the string, and then wrapped in { and }. Since { can not be escaped, this syntax will only be recognised when the $ immediately follows the {. Use {$ to get a literal {$. Some examples to make it clear:

<?php
$juice = "apple";

echo "He drank some $juice juice.".PHP_EOL;
// Invalid. "s" is a valid character for a variable name, but the variable is $juice.
echo "He drank some juice made of $juices.";
// Invalid
echo "He drank some juice made of { $juice}s.";
// Valid. Explicitly specify the end of the variable name by enclosing it in braces:
echo "He drank some juice made of ${juice}s.";
?>

The above example will output:

He drank some apple juice.
He drank some juice made of .
He drank some juice made of { apple}s.
He drank some juice made of apples.
pivasikkost
  • 9
  • 3