Visibility

Private and protected properties of classes are not about security, but provide information about the code for users, to let them know how to use them.

http://php.net/manual/en/language.oop5.visibility.php

Private and protected properties can be read by converting objects to arrays, closures, or by reverse-engineering using the reflection API.

class Foo
{
    private $private = "private";
    protected $protected = "protected";
}

Retrieving the private property value directly results in a fatal error:

$foo = new Foo();
var_dump($foo->private);
// PHP Fatal error:  Uncaught Error: Cannot access private property Foo::$private in 7.php: 17

Converting to an array:

$foo = (array) $foo;
var_dump($foo["\0Foo\0private"]);
var_dump($foo["\0*\0protected"]);
// string(7) "private"
// string(7) "protected"

Using the reflection API:

$foo = new Foo();
$reflection = new ReflectionObject($foo);
$private = $reflection->getProperty('private');
$private->setAccessible(true);
var_dump($private->getValue($foo));
// string(7) "private"

$protected = $reflection->getProperty('protected');
$protected->setAccessible(true);
var_dump($protected->getValue($foo));
// string(7) "protected"

Using a closure:

$foo = new Foo();
var_dump((function(){return $this->private;})->bindTo($foo, $foo)());
var_dump((function(){return $this->protected;})->bindTo($foo, $foo)());
// string(7) "private"
// string(7) "protected"


Found a typo? Something wrong with this content?

Just fork and edit it.

Content of this work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license. Code snippets in examples are published under the CC0 1.0 Universal (CC0 1.0). Thanks to all contributors.