为什么 PHP 私有类 var 不是私有的?
我在编程时遇到了这个问题: 在下面的代码示例中,公共函数设置私有变量。现在,人们会期望该私有变量的内容是私有的,认为 $GLOBALS 变量(超全局变量)可以访问它,并且至少可以读取它。为什么?有办法防止这种情况吗?
<?PHP
error_reporting( E_ALL );
class test {
private $test = '';
public function test()
{
$this->test = 'Can u see me?';
}
}
$b = new test();
$b->test();
pre( $GLOBALS['b'] );
// Result:
// test Object
// (
// [test:test:private] => Can u see me?
// )
somefunc();
function somefunc()
{
pre( $GLOBALS['b'] );
// Result:
// test Object
// (
// [test:test:private] => Can u see me?
// )
}
echo $b->test;
// Result:
// Fatal error: Cannot access private property test::$test
function pre( $a ) {
echo '<pre>';
print_r( $a );
echo '</pre>';
}
?>
谢谢你, 杰弗里
I was programming, and came across this problem:
In the code sample below, a public function sets a private varriable. Now one would expect the content of that private varriable is private, thought the $GLOBALS varriable (a superglobal) can access it, and at least read it. why? is there a way to prefent this?
<?PHP
error_reporting( E_ALL );
class test {
private $test = '';
public function test()
{
$this->test = 'Can u see me?';
}
}
$b = new test();
$b->test();
pre( $GLOBALS['b'] );
// Result:
// test Object
// (
// [test:test:private] => Can u see me?
// )
somefunc();
function somefunc()
{
pre( $GLOBALS['b'] );
// Result:
// test Object
// (
// [test:test:private] => Can u see me?
// )
}
echo $b->test;
// Result:
// Fatal error: Cannot access private property test::$test
function pre( $a ) {
echo '<pre>';
print_r( $a );
echo '</pre>';
}
?>
Thank you,
Jeffrey
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
private
关键字的作用是从编程角度防止属性/方法在类外部被访问。服务函数print_r
和var_dump
仍然能够看到它们。所以原因是封装,而不是字面上隐藏数据
private
keyword is about preventing the property/method from being accessed outside the class from the programming perspective. The service functionsprint_r
andvar_dump
still able to see them.So the reason is encapsulation, not literal hiding the data
您可以全局访问
$GLOBALS
中的任何内容,但这并不能改变您所获取的对象内的变量具有其自己的私有变量的事实。简单地将一个对象放入
$GLOBALS
中并不会神奇地使其所有成员变量变为公共。那太疯狂了,并且会破坏各种各样的东西。对对象的引用是全局的,仅此而已。You can access anything in
$GLOBALS
globally, but that doesn't change the fact that the variable within the object you're getting at has its own private variables.Simply putting an object in
$GLOBALS
doesn't magically make all of its member variables public. That'd be insane, and break all sorts of things. The reference to the object is what is global, nothing more.这就是
GLOBALS
所做的。它包含当前在脚本中定义的所有变量,无论它们是在何处或如何定义的。这包括私有变量。That's simply what
GLOBALS
does. It has all variables that are currently defined in the script, no matter where or how they were defined. This includes private variables.pre()
、print_r()
和var_dump()
等内置函数用于调试目的,因此可以向您显示完整的结构它可以到达的任何对象引用。安全漏洞?也许,只是不要让人们在生产环境中注入代码或使用这些命令。
Built-in functions like
pre()
,print_r()
andvar_dump()
are for debug purposes and therefore can show you the complete structure of any object reference it can reach.Security loophole? Maybe, simply don't let people inject code or use these commands in a production environment.