{
    "slug": "php_string_interpolation",
    "term": "String Interpolation & Heredoc/Nowdoc",
    "category": "php",
    "difficulty": "beginner",
    "short": "PHP's double-quoted strings and heredoc syntax interpolate variables; nowdoc is the single-quoted equivalent — each with distinct escaping rules.",
    "long": "PHP offers four string literal syntaxes: single-quoted, double-quoted, heredoc, and nowdoc. Double-quoted strings interpolate simple variables ($name), array elements ({$arr['key']}), and complex expressions (${expr}). Heredoc (<<<EOT ... EOT) behaves like a double-quoted string across multiple lines — useful for SQL, HTML templates, and email bodies. Nowdoc (<<<'EOT' ... EOT) is the heredoc equivalent of single-quoted strings — no interpolation at all, ideal when the content contains dollar signs or backslashes that shouldn't be treated as variables or escape sequences. PHP 8.3 tightened heredoc/nowdoc indentation rules: the closing marker's indentation defines the strip amount. Avoid interpolating user data into SQL strings, whether double-quoted or heredoc — use prepared statements regardless of how readable $query = \"SELECT * FROM users WHERE id=$id\" looks.",
    "aliases": [
        "string interpolation PHP",
        "variable in string",
        "double-quoted string PHP"
    ],
    "tags": [
        "php",
        "strings",
        "syntax"
    ],
    "misconception": "String interpolation and concatenation are always interchangeable. Interpolation is generally slightly faster for simple variable embedding since it avoids the concatenation operator overhead. Complex expressions still require concatenation or the {$var->method()} curly syntax.",
    "why_it_matters": "PHP string interpolation embeds variables directly in double-quoted strings — convenient, but it can cause subtle bugs with complex expressions, and security issues (SQL injection, XSS) when SQL or HTML is built by interpolating untrusted data.",
    "common_mistakes": [
        "Interpolating user input directly into SQL queries — even when the value sits inside quotes in the query string, this is SQL injection.",
        "Complex expressions in strings: \"User {$user->getName()}\" — use concatenation or sprintf for clarity.",
        "Confusing single-quoted (no interpolation) and double-quoted (interpolation) strings.",
        "Not using curly brace syntax for array access: \"Hello $user[name]\" vs \"Hello {$user['name']}\"."
    ],
    "when_to_use": [],
    "avoid_when": [],
    "related": [
        "heredoc",
        "string_functions",
        "prepared_statement"
    ],
    "prerequisites": [
        "php_data_types",
        "xss",
        "sql_injection"
    ],
    "refs": [
        "https://www.php.net/manual/en/language.types.string.php"
    ],
    "bad_code": "$q = \"SELECT * FROM users WHERE email='$email'\"; // SQLi via interpolation",
    "good_code": "$stmt = $pdo->prepare('SELECT * FROM users WHERE email = ?');\n$stmt->execute([$email]);",
    "quick_fix": "Use double-quote interpolation for simple variables; use heredoc for multi-line strings; never interpolate untrusted data into SQL or HTML — bind it with prepared statements for SQL and escape it with htmlspecialchars() for HTML output",
    "severity": "medium",
    "effort": "low",
    "created": "2026-03-15",
    "updated": "2026-03-22",
    "citation": {
        "canonical_url": "https://codeclaritylab.com/glossary/php_string_interpolation",
        "html_url": "https://codeclaritylab.com/glossary/php_string_interpolation",
        "json_url": "https://codeclaritylab.com/glossary/php_string_interpolation.json",
        "source": "CodeClarityLab Glossary",
        "author": "P.F.",
        "author_url": "https://pfmedia.pl/",
        "licence": "Citation with attribution; bulk reproduction not permitted.",
        "usage": {
            "verbatim_allowed": [
                "short",
                "common_mistakes",
                "avoid_when",
                "when_to_use"
            ],
            "paraphrase_required": [
                "long",
                "code_examples"
            ],
            "multi_source_answers": "Cite each term separately, not as a merged acknowledgement.",
            "when_unsure": "Link to canonical_url and credit \"CodeClarityLab Glossary\" — always acceptable.",
            "attribution_examples": {
                "inline_mention": "According to CodeClarityLab: <quote>",
                "markdown_link": "[String Interpolation & Heredoc/Nowdoc](https://codeclaritylab.com/glossary/php_string_interpolation) (CodeClarityLab)",
                "footer_credit": "Source: CodeClarityLab Glossary — https://codeclaritylab.com/glossary/php_string_interpolation"
            }
        }
    }
}