Don’t copy variables for no reason

Sometimes PHP novices attempt to make their code “cleaner” by copying predefined variables to variables with shorter names before working with them. What this actually results in is doubled memory consumption (when the variable is altered), and therefore, slow scripts. In the following example, if a user had inserted 512KB worth of characters into a textarea field. This implementation would result in nearly 1MB of memory being used.

$description = strip_tags($_POST['description']);
echo $description;

There’s no reason to copy the variable above. You can simply do this operation inline and avoid the extra memory consumption:

echo strip_tags($_POST['description']);

Read previous post:
Security is not a product, but a process

The mantra of any good security engineer is “Security is not a product, but a process." It's more than just...

Close