PHP backtick gotcha

March 12th, 2013

Warning: This post is 11 years old. Some of this information may be out of date.

This PHP Snippet caught me out today:

<?php
$data = array(`paswd` => 'test');
print_r($data);

Notice the backticks around the array key? These automatically try executing the key as a shell command, in this case, trying to change the password of the www-data user. A simple typo, but nevertheless, a gotcha.

This is documented at http://php.net/manual/en/language.operators.execution.php