Can anybody please tell me what this means in PHP?
var_export($_REQUEST, true)
It converts $_REQUEST to a string, which would evaluate to the array, then returns it.
See the documentation of var_export.
Actually, your code tries to execute var_export(Array, true) in a shell as you have backticks around it (even though you most likely just accidentally put them when posting the line as code here on SO).
But without the backticks, your code exports $_REQUEST to PHP code which could be used to re-create an array with the same data.
Edit: Aww, now they have been edited away.
Try
var_export($_REQUEST['true'])
Returns true to the client, if the operation was successful.
Otherwise you can send any message.
Related
I ran into the snippet online
https://www.quora.com/Why-is-PHP-hated-by-so-many-developers
when I was doing some research about PHP, and I simply have no idea how the codes work.
Can anyone kindly explain what happens in the snippet and how one can log in without knowing the password?? or just give me some relevant articles to read. Thanks in advance.
See the manual:
Returns ... 0 if they [strings] are equal.
So, by the snippet logic, you should compare 0 to 0 in the end. But when you send password[]=wrong, you actually send an array, forcing strcmp to throw a warning, completely bypassing the function call and perceive the condition as true
You should always use strict comparison, just in case. So in the snippet above it would be enough to compare strictly by type and value (with ===):
if(strcmp($POST['password'], "sekret") === 0)
In this case password[]=wrong would not work anymore.
I could not find the reason why my request fail for the following
My php code is:
if (isset($_COOKIE["user"])) {
echo '<p><h3><strong>Welcome '.$_COOKIE["param"].'</strong></h3></p>'; .....
When i request exec('ls -al') as param , the php code did not run the command.
On the response of the request it was like parameterized:
Welcome exec('ls -al')
What may the reason that failed this execution?
$_COOKIE["param"] is a string. You are echoing it. It is not supposed to run anything.
If you wanted to run a command in your PHP, you would have to use eval(). But as for running a command from a cookie value:
DON'T DO IT!
So you're saying that the value of $_COOKIE['param'] is exec('ls -al'), and you're expecting that to run when you echo it out?
That's not how it works. The value of that cookie will be the string value "exec('ls -al')", not the result of the executed code. If you think about it for a second, you'll understand why it would be a bad idea for a cookie to be able to auto-execute code.
It's not really a great idea to be running random commands through exec() anyway, especially if that input came from a user (which cookies do - the user can and will change them to try to attack you).
Instead, you should be using other input that your code can interpret as a signal to run certain code. For example, you could have the param value hold the string list files, and your code would see that value and run exec('ls -al') for you.
You still shouldn't be execing code to do this though, since it's very easy to accidentally run dangerous commands that way. Instead, you should use PHP's built-in functions as much as possible, and only after sanitizing your inputs and only running known values.
For your case, PHP has a bunch of functions that let you interact with the filesystem of your server. Use those to get a list of files on the system instead.
This is really weird.
Whenever I call something like
if(empty($this->input->post("foo")){//blabla}
The whole PHP is "down" and I get a blank page from the website (even when I don't pass through this empty(input) line).
I know this is not the right method and it is stupid, I change the code to
if(!$this->input->post("foo")){//blabla}
Better I guess ?
Seriously, how come the empty(input) breaks down the entire PHP page ? (I can't get any echo "something").
From the manual:
Note:
empty() only checks variables as anything else will result in a parse
error. In other words, the following will not work:
empty(trim($name)).
Update:
From php 5.5, empty() supports expressions too.
Changelog:
5.5.0 empty() now supports expressions, rather than only variables.
You cannot use empty with functions, and neither do you need to. empty is a special construct that only works on variables and triggers a fatal error otherwise. See The Definitive Guide To isset And empty.
You dont need to use empty with input class because if the post variable does not exists or contains null value input class returns false which automatically fails the if condition and your else block would work...
What I have and want to do
I have an input area.
I have a JS script what reads the input area's innerHTML and encodes it using encodeURICompontent then sends the value to evaluate.php?code=+value;
I have an evaluate.php what GET's the code's value from the URL and returns an evaluated value using eval($code) to the javascript.
And at the end it puts the xmlHttp.responseText to a div.
But I get this error when the eval is executed:
Parse error: syntax error, unexpected '"', expecting T_STRING in /Applications/MAMP/htdocs/Apps/editor/includes/exe.php(5) : eval()'d code on line 1
Evaluate.php
if(isset($_GET["code"])){
$e = $_GET["code"];
echo eval($e);
}
The value what I try to evaluate is just:
echo "Hello World!";
Then this is looks like in $_GET["code"] as:
echo \"Hello World!\";
According to PHP's documentation:
eval() returns NULL unless return is
called in the evaluated code, in which
case the value passed to return is
returned. If there is a parse error in
the evaluated code, eval() returns
FALSE and execution of the following
code continues normally. It is not
possible to catch a parse error in
eval() using set_error_handler().
So I think there may be a problem when you run echo eval($e).
P.S. It's best practice not to use double quotes in PHP unless a variable is contained within those quotes. For example, use "Hello, $name" and use 'Hello, Bob'.
Obviously you have an error in a string you are tying to evaluate. Try to output it first and see if it has semi columns and things like that.
But you should never (!) evaluate code you get from URL! Never-never, anyone can send "exec('rm -rf /')".
I feel terrible answering this. In your PHP settings, magic_quotes_gpc might be enabled which "corrupts" your incoming data by escaping it.
In order to get it working, you might want to add a little more insecurity to your undertaking by disabling magic quotes.
If that doesn't fix it, debug your input by following Silver Light's suggestions.
I am dealing with a very strange situation that has to do with the Warning: Cannot use a scalar value as an array and memory leak.
The script is very simple and I can not figure out the problem.
Code
$variants=array();
if($text)
{
$v=explode(",",$text);
if(is_array($v) && sizeof($v)>0)
{
foreach($v as $i=>$part)
{
$tmp=explode(":",$part);
list($thekey,$thevalue)=$tmp;
//$variants=array();
echo "<div>TYPE==".gettype($variants)."</div>";
echo $variants[$tmp[0]]=$tmp[1];
}
}
}
If I run the code above as stand alone is working fine. But when put it in my framework as small part behave very strange. I got a Warning: Cannot use a scalar value as an array and in order to solve it I added
$variants=array();
on the first line. When running the script the gettype returns ��� the first time and after that return integer.
If i uncomment $variants=array(); just before the gettype, it works. But of course I don't to get the whole array, only the last record return.
I parse my code to find out that the variables I use are declared before I even change all the variable names to stupids but no luck.
Trying to debug and tune the code where times that when running the script instead of see something in the screen the browser download the script instead and some other times I had memory leaks.
Can anyone point where or what to look for, or debug it and solve it?
Problem solved
Before run the code i was calling a function
$obj->draw($$id)
That was causing the problem
The solution
$value=$$id;
$obj->draw($value)
I dont know why this causing the problem.
If anyone has a theory please post it.