What kind of naming convention should I use for variables in uncompiled code like PHP that is holding values for passwords?
Obviously naming something “loginPassword” isn’t good- so what do people use instead?
Asked
Active
Viewed 36 times
-3
-
PHP doesn't have a compiler. What do you mean? – Dharman May 28 '19 at 21:14
-
2What are you trying to protect againts? – Jason K May 28 '19 at 21:18
-
1PHP is executed on the server so no users will see the PHP code. I don't see any benefit in obfuscating the name of a variable that will hold a password. Or maybe I misunderstood your question. Can you explain why you were thinking that name wouldn't be good? – Don't Panic May 28 '19 at 21:43
1 Answers
0
Generally, best practice is for variable names and functions that are descriptive of their purpose.
Thus:
$loginPassword = $_POST['loginPassword'];
is fine. It tells you exactly what this code is and how it will be used. As an addendum,
$loginPassword = hash($AlgoChoice, $_POST['loginPassword'].$salt);
might be a good idea so you only ever have to handle the salted and hashed password. That would give you a variable ready to use in an SQL SELECT statement.
As PHP is run on the server side, the end user should not see the code. Nevertheless, it is wise to write code as if your enemies can see a copy. See and know there is no point attacking it.
Matthew Brown aka Lord Matt
- 2,298
- 1
- 27
- 40