What kind of naming convention should I use for variables in uncompiled code like PHP that is holding values for passwords?
Obviously naming something “loginPassword” isn’t good- so what do people use instead?
What kind of naming convention should I use for variables in uncompiled code like PHP that is holding values for passwords?
Obviously naming something “loginPassword” isn’t good- so what do people use instead?
Generally, best practice is for variable names and functions that are descriptive of their purpose.
Thus:
$loginPassword = $_POST['loginPassword'];
is fine. It tells you exactly what this code is and how it will be used. As an addendum,
$loginPassword = hash($AlgoChoice, $_POST['loginPassword'].$salt);
might be a good idea so you only ever have to handle the salted and hashed password. That would give you a variable ready to use in an SQL SELECT statement.
As PHP is run on the server side, the end user should not see the code. Nevertheless, it is wise to write code as if your enemies can see a copy. See and know there is no point attacking it.