sprintf wrong result in some cases - php

I accidentally found some strange cases that are not working with the sprintf PHP function. Has anybody had the same issue or know an explanation for it?
Here is the case that is not working:
$value = 1.15;
echo sprintf("%03d",($value*100));
If $value is defined by 1.15 * 2^n, then the result is always going to be wrong.
If I run the function with another value, it's working well.
For correction, I used strval function like this:
echo sprintf("%03d",(strval($value*100)));
This way it works without any problems.
Does somebody have an idea what is happening?
Thank you in advance!
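An added example, not part of the original question: the product is stored as a binary float slightly below the expected integer, and %d truncates it, while strval() first rounds to the `precision` setting (14 significant digits by default). The inputs are constructed from the question's 1.15 * 2^n pattern, with 1.25 as an exactly representable control.

```php
<?php
// Constructed inputs: 1.15 and its multiples by powers of two, plus 1.25,
// which is exactly representable in binary and serves as a control.
foreach ([1.15, 2.3, 4.6, 1.25] as $value) {
    $product = $value * 100;

    printf(
        "value=%-5s stored=%.14F  %%03d=%s  via strval=%s  via round=%s\n",
        $value,
        $product,                              // what the float really holds
        sprintf('%03d', $product),             // %d truncates toward zero
        sprintf('%03d', strval($product)),     // the workaround from the question
        sprintf('%03d', round($product))       // explicit rounding before %d
    );
}
```

Rounding explicitly with round() states the intent and does not depend on the `precision` ini setting the way the strval() workaround does.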

Related

Using stripslashes on a database row php

{$row['info']}
How do I use stripslashes() php function on this?
I've tried :
stripslashes({$row['info']}), doesn't work and this: {stripslashes($row['info'])}
Neither work.
Do I have to use a $var first??
Thanks
stripslashes returns the modified string, leaving its argument unchanged. You have to assign the result to a variable:
$var = stripslashes($row['info']);
That said, why are you doing this? You almost certainly shouldn't be. There is no reason to strip slashes on data coming from the database, unless you've double-escaped the slashes when the data was inserted.
Your question is somewhat confusing.
stripslashes() takes a parameter and converts backslashed symbols to normal ones. Moreover, it does not affect the parameter. It returns the stripped version.
So $result = stripslashes($source) or $row["info"] in your case.
$var = stripslashes($row['info']);
is more correct. Or in string, use it like this
echo "something".stripslashes($row['info'])." some more thingy";
It almost seems that you are using heredoc syntax because of your {}. The question is, why? Are you seriously displaying your results like this?:
echo <<<my_results
Info: {$row['info']}
my_results;
Well, since that is cool way to do so then here is your fix:
$row_info = stripslashes($row['info']);
echo <<<my_results
Info: {$row_info}
my_results;
However, I do not recommend that approach. Rather do it like this:
echo 'Info:' . stripslashes($row['info']);
Because {stripslashes($row['info'])} doesn't work indeed and stripslashes({$row['info']}) is an anecdote!

Transform output php

I have this, which is calling an integer value say: 2500.
echo "number_format({$row2['count(cID))";
This gives me an undesired output.
How do I fix this? How am I implementing the function wrong here? (I mean obviously I am)
If I guessed right, you want something like this:
echo number_format($row2['count(cID)']);
I suppose you are getting a column from the database and calling it 'count(cID)', but it's really hard to know what you need. Try providing more details.
Didn't you mean
echo number_format($row2[count($cId)]);
?

PHP Code - no idea if it does something

I have the following code snippet, in an application working with Zend Framework. I know what Zend Date does; that's not the problem.
But the coder simply calls "$date", and I don't know if this does something?
$date = new Zend_Date(time());
$date->addDay(1);
$date;
// save date, or do something else
...
I can't imagine a situation where simply stating a variable, whether it be an object, string, or otherwise, would perform some kind of action. It might just be a mistake.
As far as I can tell, it does nothing except using up some CPU cycles.
Maybe it had other use before, like echo $date;. Just writing a variable does absolutely nothing.
It adds a day to $date. Where is the confusion? The 3rd line does nothing.

Trouble comparing two PHP variables

This may seem like a stupid question, but it is stumping me nonetheless. I'm sure that the answer is something small. I think it's just one of those situations where I have been looking at the code for too long.
I am trying to compare two PHP variables to see if they are the same. As you can see below, I am comparing $verification_answer with strrev(date("Ymd")) which is today's date, reversed. So today, $verification_answer would be 31700102. Every time I try to do the comparison, however, the if statement executes (as a non-match).
$verification_answer = strrev(date("Ymd"));
if($verification != $verification_answer){
    $failed .= "<h2>Attention:</h2><p>The verification code is incorrect. Please try again.</p>";
}
Can anyone see the issue? Thanks!
UPDATE: $verification is from HTML user input:
$verification = mysql_escape_string($_POST['verification']);
There's nothing wrong with the if statement. Display the two values and you should see some sort of difference:
var_dump($verification);
var_dump($verification_answer);
Perhaps $verification doesn't contain what you think it does, or you misspelled it earlier and assigned to a different variable, or...
I am comparing $verification_answer with strrev(date("Ymd"))
If that's actually what you intended to do, I think you messed up the name of the variable in the first line; it should be:
$verification = strrev(date("Ymd"));
If you accidentally overwrote the value of $verification_answer and used $verification in a comparison when it's undefined, the comparison will always be false. PHP will emit a warning, but if you have them disabled you won't see it.
I must have spelled verification wrong somewhere... I copied and pasted 'verification' over each existing variable name and it fixed the problem. Thanks!

What is the point of this line of code?

I found this line of code in the Virtuemart plugin for Joomla on line 2136 in administrator/components/com_virtuemart/classes/ps_product.php
eval ("\$text_including_tax = \"$text_including_tax\";");
Scrap my previous answer.
The reason this eval() is here is shown in the php eval docs
This is what's happening:
$text_including_tax = '$tax ...';
...
$tax = 10;
...
eval ("\$text_including_tax = \"$text_including_tax\";");
At the end of this $text_including_tax is equal to:
"10 ..."
The single quotes prevent $tax being included in the original definition of the string. By using eval() it forces it to re-evaluate the string and include the value for $tax in the string.
I'm not a fan of this particular method, but it is correct. An alternative could be to use sprintf()
This code seems to be a bad way of forcing $text_including_tax to be a string.
The reason it is bad is because if $text_including_tax can contain data entered by a user it is possible for them to execute arbitrary code.
For example if $text_include_tax was set to equal:
"\"; readfile('/etc/passwd'); $_dummy = \"";
The eval would become:
eval("$text_include_tax = \"\"; readfile('/etc/passwd'); $_dummy =\"\";");
Giving the malicious user a dump of the passwd file.
A more correct method for doing this would be to cast the variable to string:
$text_include_tax = (string) $text_include_tax;
or even just:
$text_include_tax = "$text_include_tax";
If the data $text_include_tax is only an internal variable or contains already validated content there isn't a security risk. But it's still a bad way to convert a variable to a string because there are more obvious and safer ways to do it.
I'm guessing that it's a funky way of forcing $text_including_tax to be a string and not a number.
Perhaps it's an attempt to cast the variable as a string? Just a guess.
You will need the eval to get the tax rate into the output. Just moved this to a new server and for some reason this line caused a server error. As a quick fix, I changed it to:
//eval ("\$text_including_tax = \"$text_including_tax\";");
$text_including_tax = str_replace('$tax', $tax, $text_including_tax);
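An added example, not part of the original thread and not VirtueMart code: the substitution the eval() performs can be done without evaluating anything, by replacing only allow-listed `$name` placeholders. `render_placeholders` is a hypothetical helper; the sample templates are constructed, and the hostile one reuses the string from the answer above.

```php
<?php
declare(strict_types=1);

/**
 * Replace $name placeholders in a template with values from an allow-list.
 * Nothing is evaluated as PHP; unknown placeholders are left untouched.
 * (Hypothetical helper for illustration.)
 */
function render_placeholders(string $template, array $allowed): string
{
    $result = preg_replace_callback(
        '/\$([A-Za-z_][A-Za-z0-9_]*)/',
        static function (array $m) use ($allowed): string {
            // Substitute only names present in the allow-list.
            return array_key_exists($m[1], $allowed)
                ? (string) $allowed[$m[1]]
                : $m[0];
        },
        $template
    );

    // preg_replace_callback returns null on a regex engine error.
    return $result ?? $template;
}

// Constructed sample inputs.
$tax     = 10;
$normal  = '$tax % tax included';
$hostile = '"; readfile(\'/etc/passwd\'); $_dummy = "';

// The normal template gets its value; the hostile one comes back as inert text.
echo render_placeholders($normal, ['tax' => $tax]), PHP_EOL;
echo render_placeholders($hostile, ['tax' => $tax]), PHP_EOL;
```

Unlike a plain str_replace('$tax', ...), the pattern matches whole identifiers, so a placeholder such as `$taxes` is not partially rewritten.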
It is evaluating the string as PHP code.
But it seems to be making a variable equal itself? Weird.
As others have pointed out, it's code written by someone who doesn't know what on earth they're doing.
I also had a quick browse of the code to find a total lack of text escaping when putting HTML/URIs/etc. together. There are probably many injection holes to be found here in addition to the eval issues, if you can be bothered to audit it properly.
I would not want this code running on my server.
I've looked through that codebase before. It's some of the worst PHP I have seen.
I imagine you'd do that kind of thing to cover up mistakes you made somewhere else.
No, it's doing this:
Say $text_including_tax = "flat". This code evaluates the line:
$flat = "flat";
It isn't necessarily good, but I did use a technique like this once to suck all the MySQL variables in an array like this:
while ($row = mysql_fetch_assoc($result)) {
    $var = $row["Variable_name"];
    $$var = $row["Value"];
}
