Closed. This question needs details or clarity. It is not currently accepting answers.
Closed 8 years ago.
Are there any known points to be careful about buffer overruns in PHP? Currently I take an email address from a form, run it through preg_match to check it's only a single address, call the mail function with it, and store another load of form data in a database using PDOStatement::bindValue().
Anything to worry about?
If you are asking if it's possible to write code in PHP that contains buffer overflow vulnerabilities, then the answer is no. You can't have those in PHP, it manages the memory for you and you can't directly alter the memory. The only scenario is that PHP itself has a (security) bug, which you can mitigate by keeping PHP up to date.
In addition to using preg_match to check for proper formatting, I wouldn't do anything with user input without checking its length first. I could probably come up with a 10,000 character string that would pass a simple formatting check.
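The length-before-format check suggested above, sketched as an added example (not code from the question or the answers). The function name, the 254-byte cap and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example: cap the length first, then validate the format.
// MAX_EMAIL_LEN and clean_email() are hypothetical names, not from the original post.
const MAX_EMAIL_LEN = 254; // assumed cap; choose the limit your application needs

function clean_email($raw): ?string
{
    if (!is_string($raw)) {
        return null;                 // e.g. email[]=x arrives as an array
    }
    $raw = trim($raw);
    if ($raw === '' || strlen($raw) > MAX_EMAIL_LEN) {
        return null;                 // rejected before any pattern matching runs
    }
    if (preg_match('/[\r\n,;]/', $raw)) {
        return null;                 // line breaks or separators: not a single address
    }
    $email = filter_var($raw, FILTER_VALIDATE_EMAIL);
    return $email === false ? null : $email;
}

// Constructed sample inputs.
$samples = [
    'alice@example.com',
    str_repeat('a', 10000) . '@example.com',
    "bob@example.com\nsecond line",
    'a@example.com, b@example.com',
];
foreach ($samples as $s) {
    $label = substr(json_encode($s), 0, 32);
    printf("%-34s %s\n", $label, clean_email($s) === null ? 'rejected' : 'accepted');
}
```

Only the value returned by the function should reach mail() or bindValue(); a null result means the form is shown again with an error.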
Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 6 years ago.
I want to make sure visitors to my site can't see the PHP code that's generating the page. Here is a reference: http://may.edu.np/tmp/
Can anyone explain to me how server-side scripts are interpreted and how the result is delivered to the end user?
If I understand your question correctly, no one should be able to access your source code so long as they don't have access to the server. When a browser makes a request for a .php file to the server, the server knows that it must first interpret the script and then send the output from your echo statements and/or inline HTML. As far as I know, there's no way for the user to "trick" the server into sending it as plain text, so I wouldn't worry about that. Also, as long as you disable error reporting, no one should even know you're running php, as there's no ".php" in the URL. Hope this helps :)
Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 7 years ago.
I want to type PHP code in a textarea; then, after submit, it should run the PHP code and produce the result. Is this possible?
To upload changes to live, I need to get two-level approval. If any errors occur, I couldn't fix them quickly. If the above is possible, I can enable the error log, dynamically print arrays and so on...
Yes, you can POST the value of the textarea and then evaluate its content as PHP code using the eval function, but make sure you restrict access to this feature, because it's very dangerous if you allow random people to use it. You can even simulate something like an online PHP compiler using AJAX calls.
Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 7 years ago.
Someone asked me to cache the XML call I'm pulling in to prevent server trouble. But now my question is, what exactly is caching, and how do I do it?
Hope to find some answers here.
Is it a way to save the XML output to a file, and then use that file? But how do I check if there are any updates then, or when somebody closes the browser? Or do I store the XML in a SESSION or COOKIE?
Caching is the action to remember your calls during a limited time in order to prevent unnecessary calls.
For example, it can be like this:
You check if there is something already cached.
There is nothing, so you make your call.
You save the answer of your call for a limited time.
The next time you check the cache, you won't make the call, but just use the saved answer.
You can be inspired by this script: http://www.finalwebsites.com/snippets.php?id=49
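The four steps above written out as a file cache with a time limit, as an added example (not the linked script and not code from the answer). The function name, cache path, URL and the 300-second lifetime are assumptions; the fetcher is a constructed stand-in for the real XML call.

```php
<?php
// Added example: file cache with a time limit. Names, path and TTL are assumptions.
function cached_fetch(string $url, string $cacheFile, int $ttl, callable $fetch): string
{
    clearstatcache(true, $cacheFile);
    $haveCopy = is_file($cacheFile);

    // Steps 1 and 4: a copy exists and is younger than $ttl seconds, so use it.
    if ($haveCopy && (time() - filemtime($cacheFile)) < $ttl) {
        $hit = file_get_contents($cacheFile);
        if ($hit !== false) {
            return $hit;
        }
    }

    // Step 2: nothing usable in the cache, so make the call.
    $body = $fetch($url);
    if (!is_string($body) || $body === '') {
        // The remote call failed: fall back to an expired copy if there is one.
        $stale = $haveCopy ? file_get_contents($cacheFile) : false;
        if ($stale !== false) {
            return $stale;
        }
        throw new RuntimeException('fetch failed and no cached copy exists');
    }

    // Step 3: save the answer. Write a temp file, then rename it into place,
    // so another request never reads a half-written cache file.
    $tmp = tempnam(dirname($cacheFile), 'xml');
    if ($tmp !== false && file_put_contents($tmp, $body) !== false) {
        rename($tmp, $cacheFile);
    }
    return $body;
}

// Demo with a constructed fetcher that counts how often the "remote" is called.
// In real use this would be the existing XML call (for example file_get_contents($url)).
$calls = 0;
$fetch = function (string $url) use (&$calls) {
    $calls++;
    return '<feed><item>constructed sample</item></feed>';
};
$file = sys_get_temp_dir() . '/xml-cache-demo.xml'; // real use: a directory only the application can write
@unlink($file);
$first  = cached_fetch('https://example.com/feed.xml', $file, 300, $fetch);
$second = cached_fetch('https://example.com/feed.xml', $file, 300, $fetch);
echo "remote calls: $calls, item: ", simplexml_load_string($second)->item, "\n";
```

The cache lives on the server and is shared by all visitors, so it does not depend on anyone's browser, session or cookies.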
Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 8 years ago.
I have an input field, and the value in that field changes when I move the bar on a range slider.
Can someone help me write an if condition?
When the value is 1, I want to echo "one"... when the value is 2, to echo "two"...
here is range slider and input type="text" with values.
link to page I am trying to do :)
Thanks!
bored enough to bother:
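$out = array('1' => 'one', '2' => 'two'); // etc.
// Accept only a string value and fall back to '' so a missing or array-valued field cannot raise an error.
$selected = (isset($_POST['selected']) && is_string($_POST['selected'])) ? $_POST['selected'] : '';
echo isset($out[$selected]) ? $out[$selected] : ''; // print only values that have a known mapping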
Your question, as phrased, is going to be difficult to answer. Here's why:
You are working with an interaction between an HTML web form and a PHP script. However, you didn't provide any example code, so it's impossible to know how you are setting up this interaction.
It might be better to approach this purely as a JavaScript or jQuery solution - but without knowing what you are doing with the end result, it's impossible to make that judgment or offer guidance.
If you are hoping for a strict PHP solution, how would you like the data returned - if you need it returned at all? A PHP script to do what you ask is fairly simple - but the return portion can be involved.
Perhaps you're simply looking for the PHP switch statement?
Are you actually trying to convert an int or float to its string text? Take a look at this answer...
Finally, you might want to review the write-up on asking questions. You'll get better answers.
mnr
Closed. This question needs details or clarity. It is not currently accepting answers.
Closed 8 years ago.
Found a weird hack today someone was exploiting,
was wondering how this arbitrary code could execute thousands of emails an hour.
http://pastebin.com/m7nBSmfB
There's nothing weird about the code you posted -- it builds up a PHP function in an obfuscated fashion -- then it calls the generated code.
The real problem/issue is, how is your server being made to run this code? If you have indeed been exploited by this, it's because you're allowing them to run arbitrary PHP code on your server.
You need to figure out how that happened.