What is “Greedy Token Parsing”?

2019-04-08 00:35发布

What is Greedy Token Parsing in PHP? I was reading a PHP coding guide which said the following...

"Always use single quoted strings unless you need variables parsed, and in cases where you do need variables parsed, use braces to prevent greedy token parsing. You may also use double-quoted strings if the string contains single quotes, so you do not have to use escape characters."

Is this using curly braces around my variables some sort of security process to rule out hacking? (E.g. {$var}) Is greedy token parsing some sort of attack that hackers can use, like SQL injection or XSS (Cross Site Scriptiong

2条回答
爷、活的狠高调
2楼-- · 2019-04-08 00:39

Suppose you want the character "a" to immediately follow the value contained in variable $var. If you write "$vara", that's not going to work because you don't have a variable $vara. The parser is greedy--it assumes that everything following $ should be included if it's legal syntax to include it. "${var}a" prevents that.

查看更多
SAY GOODBYE
3楼-- · 2019-04-08 00:59

Greedy token parsing means that if a sequence of characters includes more than one possible token, the parser will accept the token with the most characters. If you use braces, the parser will stop at the brace, since it is not a part of a token.

查看更多
登录 后发表回答