asked on // SURPRISE! $tmpStudent->foo = 'UNWANTED INJECTION';
https://www.experts-exchange.com/questions/28309697/I-do-not-understand-why-properties-are-declared.html?anchorAnswerId=39695372#a39695372
What are the ways to prevent:
// SURPRISE!
$tmpStudent->foo = 'UNWANTED INJECTION';
What are the ways to prevent:
// SURPRISE!
$tmpStudent->foo = 'UNWANTED INJECTION';
PHP
Last Comment
rgb192
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
@gr8gonzo: Great call. I had forgotten about that... Probably because I usually write my own get and set methods. But it will definitely trap the disallowed settings.
ASKER
I do not understand how the set magic method is being called because only a property is
being called
$obj->my_private_property = "foo";
and not a method
$obj->method();
being called
$obj->my_private_property = "foo";
and not a method
$obj->method();
Here are the relevant man pages; all of them need to be understood to get the concept:
http://php.net/__callstatic
http://php.net/manual/en/language.oop5.magic.php
http://php.net/manual/en/language.oop5.overloading.php#object.set
Executive summary: It's "magic" and not part of the regular language syntax. You can decide for yourself whether it's good or not.
http://php.net/__callstatic
http://php.net/manual/en/language.oop5.magic.php
http://php.net/manual/en/language.oop5.overloading.php#object.set
Executive summary: It's "magic" and not part of the regular language syntax. You can decide for yourself whether it's good or not.
ASKER
And thank you for explanation of magic methods