We Keep Coding

PHP Post_method hacking

I ran into the snippet online
https://www.quora.com/Why-is-PHP-hated-by-so-many-developers
when I was doing some research about PHP, and I simply have no idea how the codes work.
Can anyone kindly explain what happens in the snippet and how one can log in without knowing the password?? or just give me some relevant articles to read. Thanks in advance.

See the manual:
Returns ... 0 if they [strings] are equal.
So, by the snippet logic, you should compare 0 to 0 in the end. But when you send password[]=wrong, you actually send an array, forcing strcmp to throw a warning, completely bypassing the function call and perceive the condition as true
You should always use strict comparison, just in case. So in the snippet above it would be enough to compare strictly by type and value (with ===):
if(strcmp($POST['password'], "sekret") === 0)
In this case password[]=wrong would not work anymore.

Simple php preg_match not working for me

I have Googled and looked at a lot of threads on this subject but none answers this issue for me. I have even copied several different filter strings that do the same thing into do my simple validation. They all work on www.functions-online.com/preg_match.htm but none of them are working in my if() statement.
PHP ver. 5.3.3
My code to allow for only Alpha-Numaric and spaces:
$myString = 'My Terrific Game';
if (!preg_match('/^[a-z0-9\s]+$/i', $myString)) { "$errorMessage }
I have even reduced the filter to '/^[a-z]+$/' and the test string to 'mytarrificgame' and it still returns zero. It's as if preg_match() isn't functioning at all.
Anyone have any suggestions?

Some things you need to correct:
You have unclosed quotes in "$errorMessage. It should be $errorMessage or "$errorMessage".
There is no command there. If you want to print the value, use echo $errorMessage.
And is that variable being set anywhere in the code?
This should work
if (!preg_match('/^[a-z0-9\s]+$/i', $myString)) { echo $errorMessage; }
Or, if you think about it, matching only 1 character outside of those allowed should be enough.
Code:
$myString = 'My Terrific Game';
$errorMessage = 'ERROR: Unallowed character';
if (preg_match('/[^a-z0-9\s]/i', $myString)) {
echo $errorMessage;
} else {
echo 'Valid input';
}
ideone Demo

I tried the filter string shown in the 2nd example of the first answer above and it didn't even work on the on-line test page but it did give me a new starting place to solve my dilemma. When I moved the carrot to before the opening bracket, it kind of works but flaky. After trying different things I finally got back to my original '/^[a-z0-9\s]+$\i' and it started working rock solid. I think the reason that it wouldn't work at all for me before is that I was expecting a boolean test on the preg-match() expression to accept a zero as false. This is probably a php version 5.3.3 thing. I tried the following;
if(preg-match('/^[a-z0-9\s]+$/i', $testString) === 0) { "Do Something" }
It is now working. By looking deep into the preg-match() description, I found that it only returns a boolean false if an error occurred. A valid no-match returns a zero.
Thanks to all who looked here and considered my problem.

PHP - Find certain strings in a variable

My latest issue involves trying to find "http://" in a variable. This variable contains the contents of a comments section on a clients website. I have seen all kinds of answers but none of them seem to work. I looked at a few other posts on here and I have yet to get the best answer. Here is what I have so far:
if(strpos($comments, 'http://') == true) {
// Does stuff here
}
I noticed other people use preg_match and some said to do it in an array. I am getting confused, too many options. Just kidding. I would like some clarification though and any advice would be greatly appreciated.

You'll need to say:
if(strpos($comments, 'http://') !== false) {
...since it can return 0 (which is falsey) if http:// is at the beginning of the string.
NOTE: This will only find the first occurrence of http:// in the string.
Take a close look at the reference: http://php.net/manual/en/function.strpos.php

You need to change code like that:
if(strpos($comments, 'http://') === false) {
//no link
}
because strpos return integer which is position your string.
Example:
full string: "http://stackoverflow.com hello"
you finding: "http"
Naturally it return 0.
But
full string: "ahttp://stackoverflow.com"
you finding: "http"
it return 1.
So you must use === operator to check is really 'boolean false'.
If you try to check with == operator, you maybe get fail because it get 0 as false.
more detail: http://php.net/strpos

I found this was a better match: (recommended by phpstorm ide)
if(str_contains($e, '1062 Duplicate entry')) {
}

Coldfusion to PHP

I'm converting an entire site from Coldfusion to PHP. So, expect many question like this. How to write this in PHP:
<cfif cgi.script_name contains "newsletter">

if(stripos($_SERVER['PHP_SELF'],"newsletter") > 0){
should do the exact same. Stripos rather than strpos because coldfusion is case insensitive and a simple compare like ceejayoz would be invalid as that would of course only match a specific file (which however might be desirable in a lot of situations, but isn't the same as your cfml).

The closest equivalent will be something like:
if($_SERVER['PHP_SELF'] == '/newsletter.php') {
// do something
}
There's not always going to be a one-to-one function equivalency between CF and PHP, and more context than you've provided is often going to be important as a result.

The second value added to stripos looks like this:
if(stripos($_SERVER['PHP_SELF'], substr('newsletter', 0))) {
// do something
}

replace all smileys by enumeration in php

Is there any fast (regex-based?) method to replace all smileys in a text, each by an unique corresponding identifier? For example, the first occurrence of :) should be replaced by smiley1, the :)) by smiley2 and another occurrence of :) by smiley1 again? Furthermore, the identifyier should be the same using different text for input
Any potential combination of the typical symbols (<5 chars?) such as :;-()&%}{[]D<>30_o should be recognizable.
Can this be done without a generating a large array of all combinations? In case, how?

Are you looking for preg_replace_callback()? You can even use closures in php 5.3. I am not clear on what the objective is, so at this point this is the best I can provide, if you can clarify, then maybe I can see what I can come up with for sample code.
edit, here's an example from the PHP manual. Doesn't help in this case specifically, but if you just change the regex, the function and the string (basically everything, lol), then it will do the job:
<?php
echo preg_replace_callback('/-([a-z])/', function ($match) {
return strtoupper($match[1]);
}, 'hello-world');
// outputs helloWorld
?>

I don't understand why you can't do:
str_replace(":))","<img src=\"smiley1.jpg\">",$STRING)
str_replace(":)","<img src=\"smiley2.jpg\">",$STRING)
etc... seems to be the most simple solution and logical

Obviously, it cannot be done by using such a str_replace. How would you fetch a ":)))" or maybe a "-.-" which is also not present in your list? Enumerating all potential smileys is a hard task, resulting in n!/(n-k)! candidates. Here, in the example provided above n=18 and k=5...
Thus, I'm asking for a way to use a regex - but I don't how to replace each combination of chars which is intended to represent a smiley each time by the same text.
Idea: is it possible to use a callback function in combination with a hash?

Yeah, Tim! That is exactely what came into my mind when writing the last post. So the solution is
<?php
echo preg_replace_callback("/([\)\(\[\]<>#-\.:;*+{}]{2,9})/", function ($match) {
return " ".md5($match[1])." ";
}, ':::-) :-)) nope (yeah) cool:) }:)');
?>
Thanks!