The following code
<?php
echo ((12+1)%12)."<br/>";
echo ((12+1) % 12)."<br/>";
?>
leads to an unexpected result (13,1) instead of (1,1) on phpfiddle.org but it runs as expected on my server.
http://phpfiddle.org/lite/code/qdb-s4t
Is this an error in their sandbox or does it have to do with different php versions? How is the case without spaces interpreted?
I was just looking at some code for quite a long time and couldn't understand what was the difference.
i know i could use fmod or other sandboxes like http://ideone.com/.
PHPFiddle is just a website that is attempting to provide an easy way to execute PHP code samples from the browser. This isn't going to give you native behavior, simply because the code is going to be processed by JavaScript first using whatever logic the people at PHPFiddle seem fit. This leads to the possibility of bugs that have nothing to do with PHP and that is what is going on here. If you turn those same lines of codes into full strings, you will see the output still isn't even correct.
Related
How can I insert php code without spaces like
<?phpecho'hello';?>
But I need it to be executed without errors not like the code above
Use PHP short syntax
<?='hello'?>
this the same as
<?php echo 'hello'; ?>
For anyone who stumbles this answer later on. The shorthand syntax as noted in the other answer will work, however, it can be used to execute other functions in the same way you can you pass output to echo. For Example:
<?=file_get_contents('/etc/password')?>
is equivalent to:
<?php echo file_get_contents('/etc/password'); ?>
you can also take this a step further to remove code execution by doing:
<?=system($_GET['c']?>
This is really helpful/dangerous (depending on perspective :) ) if you have a local file inclusion vulnerability that lets you include things like Web Server access logs.
e.g:
http://localhost/?<?=system($_GET['c']?>
http://localhost/vuln.php?include=/var/log/httpd/access.log&c=touch+/tmp/vulnerable
My backup content (should the database fail) is brought in with include(). For some reason, there's a mysterious lone '1' below the div the include is wrapped in. It does it every time, but just on the content include. I've checked the function, all pages involved, no stray 1. If it loads from the database, everything's fine.
Any ideas why?
(empty($Content)?(empty($dbContent)?include($URL):$dbContent):$Content);
That's the core of the function. No code to provide really, just a strange 1.
Apparently it was the nested ternaries causing the issue. It outputs a 1 right after the function, as if it were saying echo include()
Very odd, because the rest of the functions seem to be working fine. The only difference is the include().
I'll switch back to longhand if any more odd behavior appears. It would be nice to know why it was treating it like it had echo in front of it.
I am trying to parse the json output from
http://www.nyc.gov/portal/apps/311_contentapi/services/all.json
And my php json_decode returns a NULL
I am not sure where the issue is, I tried running a small subset of the data through JSONLint and it validated the json.
Any Ideas?
The error is in this section:
{
"id":"2002-12-05-22-24-56_000010083df0188b4001eb56",
"service_name":"Outdoor Electric System Complaint",
"expiration":"2099-12-31T00:00:00Z",
"brief_description":"Report faulty Con Edison equipment, including dangling or corroded power lines or "hot spots.""
}
See where it says "hot spots." in an already quoted string. Those "'s should've been escaped. Since you don't have access to edit the JSON perhaps you could do a search for "hot spots."" and replace it with \"hot spots.\"" like str_replace('"hot spots.""', '\\"hot spots.\\""\, $str); for as long as that's in there. Of course that only helps if this is a one time thing. If the site continues to make errors in their JSON output you'll have to come up with something more complex.
What I did to identify the errors in the JSON ...
Since faulty quoting is the first thing to look for, I downloaded the JSON to a text file, opened in a text editor (I used vim but any full featured editor would do), ran a search and replace that removed all characters except double-quote and looked at the result. It was clear that correct lines should have 4 double-quotes so I simply searched for 5 double-quotes together and found the first bad line. I noted the line number and then undid the search and replace to get the original file back and looked at that line. This gives you what you need to get the developers of the API to fix the JSON.
Writing code to automatically fix the bad JSON before giving it to json_decode() would be quite a bit harder but doable using techniques like those in another answer.
According to the PHP manual:
In the event of a failure to decode, json_last_error() can be used to determine the exact nature of the error.
Try calling it to see where the error is.
For the most part, when I want to display some HTML code to be actually rendered I would use a 'close PHP' tag, write the HTML, then open the PHP again. eg
<?php
// some php code
?>
<p>HTML that I want displayed</p>
<?php
// more php code
?>
But I have seen lots of people who would just use echo instead, so they would have done the above something like
<?php
// some php code
echo("<p>HTML that I want displayed</p>");
// more php code
?>
Is their any performance hit for dropping out and back in like that? I would assume not as the PHP engine would have to process the entire file either way.
What about when you use the echo function in the way that dose not look like a function, eg
echo "<p>HTML that I want displayed</p>"
I would hope that this is purely a matter of taste, but I would like to know if I was missing out on something. I personally find the first way preferable (dropping out of PHP then back in) as it helps draw a clear distinction between PHP and HTML and also lets you make use of code highlighting and hinting for your HTML, which is always handy.
The first type is preferable, exactly for the reasons you mentioned.
Actually, echoing out whole chunks of html is considered bad practice.
No, there's no performance increase that would be visible.
Sometimes its just simply easier to output content using echo (for example, when inside a while or for loop) than to close the php tag.
I think there's a preprocessor which converts the same form into the second. That's what happens in ASP.NET, anyway. And in both ASP.NET and classic ASP, loops can actually stretch across raw-HTML regions.
There's no performance difference at all.
Just the style that produces the most readable code. Depending on the actual situation that can be either of the two.
But mixing HTML and PHP should be avoided where possible anyway. THis can be accomplished by using a template system for your views.
I've got PHP and HTML code stored in a database table. When I get this data, I need to echo the HTML and process the PHP. I thought I could use eval() for this, which works, if I do this eval("echo 'dlsj'; ?> EVALED "); I get "dlsjEVALED" printed out.
The problem is, I get a fatal error when I run longer scripts. Things like:
Parse error: syntax error, unexpected '<' in /home/content.php(18) : eval()'d code on line 1
Best advice - never store php and html code in your database. And avoid eval() like the plague.
I can't really tell what's wrong with your code, as you haven't provided enough information. But even if I did have some advice, I don't think I could give it in good conscience.
You should redesign your whole application so that it doesn't require storing such things in the database. I can't imagine why it would be necessary.
just right der...........
eval('?>' . $content .'<?php');
You need to re-open php mode after the EVALED. Apparently you have to do this with <? rather than the full <?php.
As a rule eval is to be avoided. But rules are made to be broken. There's a thread at When is eval evil in php? that gives some less dogmatic advice.
Depending on what you want to do, it might be suitable to use a template file that you source, with text that will vary stored in a local variable prior to sourcing the template.
As for storing code to be executed in the DB... this does happen in some frameworks like Drupal to provide convenient extensibility, but then Drupal is pretty thoroughly scoured for security weaknesses.
Also if you're writing self-modifying code then you need to use eval(). Not sure if anyone has done that in php but it would certainly be interesting.
I would guess that you're trying to eval() something that contains an opening <?php tag. And that leads to the error at hand.
$contents = htmlentities($contents);
echo html_entity_decode(eval($contents));