Why you can’t put array variables right into a string

Code like this can be seen on SO a lot of times:

What’s wrong with it?

It’s first of all, it’s the very opposite of clean and proper code style.

Properly:

…is the way to go.

Is it only style or is there a serious problem with it?

Yep, the serious issues come in when using associative arrays without quotations, like in the first example:

What is happening?

Using an associative array without putting quotes arround the element means, the element is defined by a constant. Consider the following example:

What do you think is the output of this?

Try it and see, why you should use quotations and concatenate strings properly!

P.S Using the Referer directly in a header() function, without validating the user input, leaves your script open for header injection!

Leave a Reply

Your email address will not be published. Required fields are marked *