
Gareth Heyes' Blog:
Non alphanumeric code in PHP
Sep 23, 2011 @ 15:05:47

Gareth Heyes has tried out an interesting experiment - running non-alphanumeric code in PHP using only octal escapes.

So a small php shell was tweeted around and it inspired me to investigate a way to execute non-alphanumeric code. First off I started with the idea of using octal escapes in PHP and constructing the escape so for example: 107 is "G" if I could construct the "107" and add the backslash to the beginning maybe I could construct "G".

A snippet of example code is included showing his octal-based code for creating a "G" (6 lines of pluses, parentheses, equals and a few more characters). By doing some trickery with bitwise operators on strings, he was able to combine characters and make the string "GET". Pretty clever, even if it's not entirely practical.

tagged: nonalphanumeric code shell loop octal


Erling Alf Ellingsen's Blog:
PHP Must Die
Jan 11, 2010 @ 19:49:41

In a (slightly inflammatory) post to his blog today Erling Alf Ellingsen shares why he thinks that "PHP must die", mostly due to some of the inconsistencies it has with other languages.

His examples include:

  • String vs. numeric handling
  • That PHP supports octal numbers "by accident"
  • A lexer bug with hex values
  • A parser bug involving the ternary operator

Comments on the post include those supporting the "die" opinion - that PHP just doesn't have it together like other languages - and those taking a somewhat more balanced approach to PHP's strengths and weaknesses.

tagged: opinion lexer parser octal ternary


DevShed:
Validating Octal and Hexadecimal Values with Filters in PHP 5
Jul 23, 2009 @ 14:41:34

Continuing their series looking at creating validators for various value types in variables, DevShed has posted the latest tutorial - a look at validating octal and hexadecimal values.

As you know, when it comes to validating incoming data, PHP 5 comes bundled with a powerful set of native functions that allow you to perform all sorts of clever validations on a given variable. [...] In this second chapter of this series, I’m going to discuss how to use the FILTER_VALIDATE_INT filter that you learned in the previous part, this time for validating array elements as well as octal and hexadecimal integers.

Their example loops through an array of values to locate the ones that match the FILTER_VALIDATE_INT filter and echo their value back to the user via a foreach loop.

tagged: tutorial filter hexadecimal octal validate


PHPEverywhere:
Octalpussy
Feb 04, 2008 @ 16:25:00

In an earlier post John Lim pointed out an interesting issue with how certain numbers are handled in PHP - ones starting with a zero:

That's because any number preceded by 0 is treated as an octal number, and 9 is an invalid octal number. [...] The silly thing is that hardly anyone uses octal nowadays, but it continues to be part of the C, C++, Java and PHP standards. The mistake is also very common.

There's not much of a way around it, he notes - the format's been in use for a long time now and is so ingrained in just about every C-based language out there that it's "too deeply imprinted in modern compiler DNA" to take out.

tagged: octal number bug base8 adodb


