Data Types, Variables and Constants
Variables in PHP are defined and used much as in other programming languages. PHP uses loosely typed variables: they do not have to be declared with a specific data type upon initialization, and they can be changed to other data types using expressions.
To set a variable in PHP you only need to assign a value to it, for example $my_variable = "hello"; Variable names start with a dollar sign $. The next character must be a letter or underscore, and the remaining characters may be letters, numbers or underscores. PHP supports three different sets of data types:
- Scalar Data Types: integer, float, string, boolean
- Compound Data Types: array, object
- Special Data Types: resource, null
There are several functions for checking and setting the type of a variable. In some of the examples below I am using the echo command, which provides us with immediate output generated by the command. Echo can often be used to print certain things, including variables, arrays, etc., on screen.
To Check a variable’s type:
Alternatively, you can test whether a variable is of a certain type (returned as either true or false) by using the is_int, is_float, is_bool, is_array, is_object, is_resource and is_null functions.
To Set a variable’s type:
Alternatively casting can be used when you only want to temporarily use the variable as a different type:
echo (type) $variable;
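The following is an added example, not code from the original page. It runs a type check, settype() and a cast over constructed input strings and compares them with validation by filter_var(): a cast or settype() converts whatever it is given, whereas validation can reject input that is not a well-formed integer. The helper name parse_int_strict and the 1 to 1000 range are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample values, standing in for strings read from a request.
$samples = ['42', '42abc', '', '0x1A', '-5', '9999999999999999999'];

/**
 * Hypothetical helper (not from the page): accept a value only if
 * filter_var() validates it as a decimal integer inside the given range.
 */
function parse_int_strict(string $raw, int $min, int $max): ?int
{
    $value = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => $min, 'max_range' => $max],
    ]);
    // filter_var() returns false on failure; map that to null.
    return $value === false ? null : $value;
}

foreach ($samples as $raw) {
    // Request data arrives as strings, so is_int() alone rejects all of it.
    $typeCheck = is_int($raw);

    // A cast applies to this expression only; $raw keeps its type.
    $cast = (int) $raw;

    // settype() converts the variable itself, so work on a copy.
    $converted = $raw;
    settype($converted, 'integer');

    // Validation either returns an int in range or null.
    $validated = parse_int_strict($raw, 1, 1000);

    printf(
        "%-22s gettype=%-7s is_int=%-5s cast=%-20d settype=%-20d validated=%s\n",
        var_export($raw, true),
        gettype($raw),
        var_export($typeCheck, true),
        $cast,
        $converted,
        var_export($validated, true)
    );
}
```

Comparing the cast and settype columns with the validated column shows which inputs a conversion accepts silently and validation refuses.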
|Vulnerability||Threats||Probability of Occurrence||Policy Suggestions|
|Lack of Physical Control||Possibility of device being lost or stolen; Exposure of data (people peering over shoulder).||High||Encryption. Restriction of what is stored on the device. Domain authentication in addition to device PIN system. Prevent use of third party backup services (iCloud).|
|Use of Non-Corporate Mobile Devices||Jailbroken devices connected to the network could breach security; Insecure / Unauthorized Data Storage||Medium||Assume all devices are untrusted. Provide clear guidelines on the restriction or prohibition of personal devices. Secure organization-issued hardware. Restrict company-issued devices to connect to PCs. Prevent personal devices connecting to company-issued PCs.|
|Insecure Communications||Man in the middle attacks, eavesdropping.||Low||Make the assumption that external mobile networks are not trustworthy. Implement effective encryption methods in order to ensure both confidentiality as well as integrity. Implement mutual authentication mechanisms.|
|Mobile Apps and Web Content Exploits||Introduction of malicious code into the network, theft of data, advanced persistent threats; Browser-based web apps can also introduce risks; Malicious URLs, QR Codes, placing malicious; Use of Location Services||High||Assume third party apps untrusted. Restrict or prohibit installation of unapproved apps. Risk assessment on third-party app before whitelisting. Restrict browser or secure-sandbox browser. Educate users on risks of untrusted content. Restrict peripheral use on device (disable camera).|
Constants are used in many programming languages and represent a value that, unlike a variable, will not change. Examples of constants include configuration settings, which remain the same throughout the script. In PHP a constant can be defined using the define function:
define("MY_CONSTANT", "5.3"); // Setting the string 5.3