My previous question (ob_get_status() has undocumented bits set in 'flags' entry) revealed that there are some undocumented flags that may be passed into output buffer callback functions (i.e. the function specified when setting your output buffer, using ob_start()).
One of these flags (undocumented, but revealed by the PHP source code) is PHP_OUTPUT_HANDLER_DISABLED and this is what I am receiving when I call ob_get_status(true) in my application.
My question is, what are the situations that can cause an output buffer to be marked as disabled?
(Note that I am asking in the general case, rather than specifically asking about my code, as I feel that too much context would be required to give a specific answer. If I understand the possible reasons, I hope I can deduce which of them might apply in my situation.)
I think I've cracked it!
It looks like there is a bug in PHP >= 5.4 that affects the way false is handled when returned from an output buffer callback function after a 'clean' operation.
The documentation states:
If callback returns false original input is sent to the browser.
This statement implies that the following two callbacks are always identical:
function OBCallback($Output) {
return $Output;
}
function OBCallback($Output) {
return false;
}
On PHP 5.3 and below, that is true - they do behave in an identical manner. However, on PHP 5.4 and above, there is a difference when the callback is being called in the context of a 'clean' operation.
In this situation, returning false from the function is treated as an error, and this results in the output buffer being disabled. This is why my code has the PHP_OUTPUT_HANDLER_DISABLED flag set in the handler's status entry; my code includes an ob_clean() at one point and my handler is returning false in all instances.
Paradoxically, returning the supplied buffer in response to a 'clean' operation (which contains the contents of the buffer prior to the clean) does not cause an error, nor does it cause the returned buffer to be output.
This is the exact opposite of what you might expect - surely, returning a non-empty buffer in response to a 'clean' operation should result in an error, whilst returning false (indicating 'continue with default action') should result in the buffer being cleaned automatically.
In addition, no PHP error, warning or notice is raised when this happens, so you will not be notified that your handler was disabled!
I have created a fiddle to demonstrate the two scenarios, to show how it differs between PHP versions: https://3v4l.org/66cai
tl;dr
Make sure you always return a string from your callback function, rather than false, to avoid weird bugs (despite what the documentation says).
Related
Under certain circumstances, the built-in function in PHP called mysqli_query returns null. Such behaviour is not foreseen by the function's documentation that explains how to use it, so I tried to dive in PHP's source code itself, posted on GitHub, to see if I can figure out why sometimes mysqli_query returns null.
The queries themselves doesn't seem to be the problem: I tested the relevant SQL queries in two different ways:
Executing them manually in the MySQL Server. They work correctly.
Within a script that I created with the single purpose of testing the queries through mysqli_query(). They work under this test, and the function returns true.
However, under certain conditions, those same queries return null. The mysqli link object exists when mysqli_query function starts running, when this "returning null failure" happens.
So, looking in the PHP's GitHub repository, i found the file called mysqli_nonapi.c and, in line 556 within this file, what seems to be the built-in mysqli_query definition. Looking at the code within, it looks like it performs a basic check and, if it fails, it returns null. Here are the first lines linked above:
/* {{{ proto mixed mysqli_query(object link, string query [,int resultmode]) */
PHP_FUNCTION(mysqli_query){
MY_MYSQL *mysql;
zval *mysql_link;
MYSQLI_RESOURCE *mysqli_resource;
MYSQL_RES *result = NULL;
char *query = NULL;
size_t query_len;
zend_long resultmode = MYSQLI_STORE_RESULT;
if (zend_parse_method_parameters(ZEND_NUM_ARGS(), getThis(), "Os|l", &mysql_link, mysqli_link_class_entry, &query, &query_len, &resultmode) == FAILURE) {
return;
}
// [...]
}
Even though I have used sometimes C code, I just know a little about C. I am aware that it uses pointers and I guess those parameters which name start with * are pointers. Anyways, I am not sure on how to interpretate this piece of code, or figuring out how it's internal flow affects PHP execution.
Long story short: I can assume somehow, the initial check shown above within the function failed for some reason. But, to find out why, I need to understand that piece of code first.
I am afraid I cannot isolate the issue to trigger the error outside production environment, which would be very useful for exhaustive testing. So, what options do I have left? Is there something I can do to debug that internal piece of code, or otherwise, figuring out why it might be failing within?
I made the tests in both PHP5 and PHP7; it fails the same way in both of them.
This is called undefined behaviour in PHP. Most instances of it have been eradicated in PHP 8, but prior to that version when you passed a wrong parameter to a built-in function, that function would usually throw a warning and return null (or false).
There were a lot of circumstances when no warning was produced at all! This behaviour was not documented on each page as this would be a mess and by definition "undefined behaviour" has no defined behaviour.
This means that code like the following would throw no warning and simply return null:
// V - string passed instead of a numerical value
var_dump(mysqli_query($mysqli, 'SELECT 1', 'foo'));
PHP was very forgiving with parameter types and when you passed the wrong type, it tried to convert it into the proper type, but when this was not possible then PHP had no defined behaviour of what should happen. Thankfully, this has been fixed in 99% of cases in PHP 8.0.
More specifically, can the block of code
ob_start();
echo $astring;
$astring = ob_get_clean();
change the value of $astring ? In other words, I want to know how reliable is the combination of echo, output-buffering and getting the buffer. Of course, I have tested it. With simple strings, in my tests, the string stays the same. I want to know if I can rely on this being always the case. Is there any possible exception? What could make a difference is the occurrence of special escape characters in the string, things like that.
null is technically not a string but
<?php
$x=null;
ob_start();
echo $x;
$y=ob_get_clean();
var_dump($x); //NULL
var_dump($y); //string(0) ""
which is roughly casting null to string. similar results with other non string types
Update: this answer does not actually address the OP's issue. We continued the discussion in the chat (see the comments on the question) and it seems the OP was satisfied with the explanation I gave there and clarified themselves their bewilderment.
As I promised in the comment, this is a piece of code that will make your code fail. It is artificially created for this discussion.
However, when you work on a big project, the error handler can be installed somewhere in a deeply included file (or by the framework), the effect of unset($astring); could be achieved by a typo or by simply forgetting to store a value into the variable and the final result comes in unexpected.
// Install an error handler that will output the error messages it gets
set_error_handler(
function($errno, $errstr) {
echo('The error #'.$errno.' happened. The message is: '.$errstr);
return FALSE;
},
E_NOTICE
);
// Ensure the notices won't show to the surface (they will pollute the
// script's output on screen only, they do not change the output buffer)
// You can use error_reporting(0) as well, it still works as expected.
error_reporting(E_ALL & ~E_NOTICE);
// Force PHP trigger an E_NOTICE
// the error handler installed above will kick in and mess the output
unset($astring);
// The innocent block of code
ob_start();
echo $astring;
$astring = ob_get_clean();
// Check the results
echo("================\n");
echo('The content of variable $astring is: [[['.$astring."]]]\n");
This is a paste and cut of a comment made by axiac: The output buffer is nothing else than a hidden string variable. It is as reliable as any other string variable to hold any amount of text, limited by the memory_limit php.ini configuration (minus other data your script creates and the internal PHP structures for memory management) and the amount of memory available on the computer (which is virtually unlimited due to paging).
With PHP's SessionHandler there is SessionHandler::write() which returns a value. The manual is somewhat vague about it:
Return Values
The return value (usually TRUE on success, FALSE on failure). Note this value is returned internally to PHP for processing.
(same for the interface)
I wonder what the meaning of that processing by PHP is.
I already was that clever and looked into session_set_save_handler but there the return value for the write() callback isn't even mentioned.
Well, "returned internally to PHP" in this context means: It is not passed back to your code (as the return type for session_write_close() is void.)
In other words, what PHP does with it should be treated as unknown (unless you look at the actual C source of PHP); thus I would simply follow the advice of returning true on success, and false if your custom session handler was somehow unable to write the session data.
If I should guess, I would say that maybe PHP generates a warning message, or maybe that ist just intended for use in a later version of PHP.
A way to find out would be to simply override SessionHandler::write() to always return false and see what happens. Check the console for any warnings.
I believe that all of these (and even die() or die(0)) are identical. If they are not identical, which is preferred for exiting a script successfully? If they are identical, is there any preferred standard to indicate successful script completion? I tend to use exit;.
EDIT: All of the answers have "die() and exit() are identical" even though I say that in my question. I updated to the title to hopefully make it clearer that this is NOT my question. I want to clearly indicate success from a command line script.
These are all identical. I'm pretty sure die() is just a straight-up alias to exit(), but even if it isn't, it still acts identically.
When one of these functions is given a string argument, it prints out the string before terminating the process. When it encounters an integer under 255, that integer is considered the return code for the process, which gets passed back to the process which invoked the PHP script. This is particularly useful when writing command line applications (PHP isn't web-only!).
As far as the difference between exit, exit(), and exit(0), there really is none. There is definitely no difference between the first two because exit is technically a language construct, not a function, so it can be called with or without parentheses, just like echo. Returning a code of 0 means "this program ran successfully/without errors", and while I don't know what exactly happens when you don't pass an argument, PHP.net says that an argument-less exit indicates success, so I would bet it returns 0, though again PHP.net doesn't show a default for the argument.
As several people have mentioned, die() and exit() are exactly the same.
If you look at the PHP documentation, there are two options for arguments:
An numeric value. This is only useful if you are using PHP from the command line, as opposed to a web server. A value of zero indicates success. Nonzero indicates a failure condition occurred.
A string value. This will be displayed to the browser when the exit occurs.
Instead of die() or exit(), I recommend using exceptions and a custom top-level exception handler to manage failure conditions.
You have more flexibility that way to do things like automatic error logging. Also, if you're using PHP to implement a JSON API, this exception handler can hand back a valid, error-indicating JSON snippet instead.
I would say that in regards with a better semantics die($arg); should be used for an abnormal or unexpected termination, even when -of course- you still have caught it. And exit($arg); should be used for a normal (expected / controlled) end of a process, like in break; for a for or while or a switch structure but with a definitive end.
Nevertheless .. I personally often use a general if { } else { } structure to control different branches of huge processes or output buffering so not having to use "exit" ..
I also use die($arg) in simple error-catching semantics like in
$db = mysql_connect([$args]) or die ($error); ...
die(); is just a synonym for exit(); and is functionally identical.
The standard way is to use exit code zero to signify success, and anything else to denote an error condition.
die() is typically used to kill the script with an error output:
die("There was a fatal error");
where-as exit is typically used as a successful exit (At least in my coding)
The PHP Manual says that the functions are identical.
I will get downvoted to hell, but in some cases when hacking in CLI, we do not want the program to get killed, while not wanting to continue the full execution.
Here the goal is to avoid making api calls to a separate hand-point file. Say I have a nice play button in my interface, that execute system calls.
Example 1: The program get killed after the job , no datas returned. This is not wanted.
if ($_GET["play"] != ""){
// Some job
exit;
}
/* Huge amount of data*/
Example 2: The program still runs, feeding the whole data in the GET request. This is unnecessary on this case. This is slowing down the browser with all the data, that he has already.
if ($_GET["play"] != ""){
// Some job
}
/* Huge amount of data*/
Example 3: The program still runs, no data returned as expected, the play command had been executed, but the whole data set get parsed, this is unnecessary job, can slow down php/the machine.
/* Huge amount of data*/
if ($_GET["play"] != ""){
// Some job
}
Example 4: The program still runs, no data returned as expected, the play command had been executed, the whole data had not been parsed, php returned super quickly 200OK with an empty response, as expected. Everyone happy!
if ($_GET["play"] != ""){
// Some job
goto END;
}
/* Huge amount of data*/
END;
Yes! Using GOTO, sometimes is to be considered -as the best to do 🔨 -!
https://www.php.net/manual/en/control-structures.goto.php
die is exactly equivalent to exit.
From the manual:
If status is an integer, that value will be used as the exit status..
This is only useful if you have some sort of wrapper that does something based on the exit status. Unless you have a specific need to report an exit code to the outside world, just exit;.
I have a primarily Ajax-driven site, the content of which is populated by making requests to an "operator" PHP script.
While typically these requests originate in Javascript, there are occasions when it's useful to query my operator from within another PHP script.
The method I have been using is to pass a URL with query string through file_get_contents() — and then to parse the returned JSON with json_decode().
For multiple reasons, I'd like to avoid this implementation, though... I see in my error logs that the URL requests are a lot more susceptible to failure for whatever reason — and I've read that it's not very efficient.
My 1st attempt to make a generic query_operator($query_string)-type function simply require()-ed operator.php within an output buffer, captured with ob_get_contents(). I also temporarily reset the $_REQUEST array with parameters parsed from the $query_string.
This approach had too many shortcomings — problems with variable scope and the MySQL connection, specifically.
My 2nd attempt involved using the backtick operator (equivalent to shell_exec()), and mapping the $argv arguments to the $_REQUEST array.
This approach actually works very well, but on the host I'm using, the PHP (cli) version is set a 4.4.8 — and I need 5.2.x. Assuming I can't switch the (cli) version, what's the next best way to sandbox a request to another PHP script, with a query string? Any suggestions greatly appreciated.
Here's what my 2nd attempt looks like:
function query_operator($query) {
$query = '--'.str_ireplace('&', ' --', $query);
$contents = `php operator.php $query`;
if ($json = json_decode($contents, true)) {
return $json;
} else {
return $contents;
}
}
The best thing to do, in the long run, is to factor your code.
Whatever logic operator.php is doing that is needed should live in some library, which can then be used by operator.php and any other script that needs it.
When you do that, you'll avoid all the overhead of an extra PHP process, communication between two processes, and probably all your json-encoding/decoding.
If factoring is too much work to take on now, either of the strategies you describe should work as a kludge. It might be worth looking into why your make-a-loopback-http-request method (the first thing you described) caused errors. It really ought to work well, even if it's inefficient.