Select Page

Data Types, Variables and Constants

Data Types, Variables and Constants

Variables in PHP are similar to define and use as with other programming languages.  PHP uses loose typed variables, in other words they do not have to be defined specifically as a datatype upon initialization and can be changed to other data types using expressions.

To set a variable in PHP you only need to assign a value to it, for example $my_variable = “hello”;  Variable names start with a dollar sign $.  The next character must be a letter or underscore and the remaining characters may be letters, names or underscores.  PHP supports three different sets of data types:

  • Scalar Data Types: integer, float, string, boolean
  • Compound Data Types: array, object
  • Special Data Types: resource, null

There are several functions for checking and setting the type of a variable.  In some of the examples below I am using the echo command, which provides us with immediate output generated by the command.  Echo can often be used to print certain things including variables, arrays, etc on screen.

To Check a variable’s type:

echo gettype($variable);

 

Alternatively you can test to see if a variable is of a certain type (returned as either true or false) by using the is_int, is_float, isbook, is_array, is_object, isResource, is_null functions.

To Set a variable’s type:

settype($variable, "type")

 

Alternatively casting can be used when you only want to temporarily use the variable as a different type:

echo (type) $variable;

 

PHP Operators

VulnerabilityThreatsProbability of OccurrencePolicy Suggestions
Lack of Physical ControlPossibility of device being lost or stolen

Exposure of data (people peering over shoulder).
HighEncryption. Restriction of what is stored on the device. Domain authentication in addition to device PIN system.

Prevent use of third party backup services (iCloud).
Use of Non-Corporate Mobile DevicesJailbroken devices connected to the network could breach security.

Insecure / Unauthorized Data Storage
MediumAssume all devices are untrusted. Provide clear guidelines on the restriction or prohibition of personal devices.

Secure organization-issued hardware.

Restrict company-issued devices to connect to PCs. Prevent personal devices connecting to company-issued PCs,
Insecure CommunicationsMan in the middle attacks, eavesdropping.

Bluetooth
LowMake the assumption that external mobile networks are not trustworthy.

Implement effective encryption methods in order to ensure both confidentiality as well as integrity.

Implement mutual authentication mechanisms.
Mobile Apps and Web Content ExploitsIntroduction of malicious code into the network, theft of data, advanced persistent threats.
Brower-based web apps can also introduce risks.

Malicious URLs, QR Codes, placing malicious

Use of Location Services
HighAssume third party apps untrusted. Restrict or prohibit installation of unapproved apps. Risk assessment on third-party app before whitelisting. Restrict browser or secure-sandbox browser.

Educate users on risks of untrusted content. Restrict peripheral use on device (disable camera).

Constants

Constants are used in many programming languages and represent a value that will not change as a variable does.  Examples of constants could include configuration settings, which will remain the same throughout the script.  In PHP a constant can be defined using the define function:

define("MY_CONSTANT", "5.3"); // Setting the string 5.3

 

Related Articles

Series Navigation<< Introduction to PHPConditional Statements and Looping >>