PHP -r, -a and .php return different results based upon " or ' marks !? [BUG]
in [General]
|
Prev: is <?= good?
Next: PHP -r, -a and .php return different results based upon" or ' marks !? [BUG]
From: "Daevid Vincent" on 10 Jun 2010 20:49 Chew on this... developer(a)mypse:~$ cat ./md5test.php #!/usr/bin/php <?php $password = '12345678'; echo md5(strtoupper($password)); echo "\n"; echo md5(strtoupper('12345678')); echo "\n"; $password = '$12345678'; echo md5(strtoupper($password)); echo "\n"; echo md5(strtoupper('$12345678')); echo "\n"; ?> developer(a)mypse:~$ ./md5test.php 25d55ad283aa400af464c76d713c07ad 25d55ad283aa400af464c76d713c07ad 2d05c0e3d6d22343123eae7f5678e34c 2d05c0e3d6d22343123eae7f5678e34c developer(a)mypse:~$ php -r "echo md5(strtoupper('12345678'));" 25d55ad283aa400af464c76d713c07ad developer(a)mypse:~$ php -a Interactive shell php > echo md5(strtoupper('$12345678')); 2d05c0e3d6d22343123eae7f5678e34c developer(a)mypse:~$ php -r "echo md5(strtoupper('$12345678'));" b3275960d68fda9d831facc0426c3bbc Why is the "-r" command line version different? man php: Using parameter -r you can directly execute PHP code simply as you would do inside a .php file when using the eval() function. developer(a)mypse:~$ php -v PHP 5.2.4-2ubuntu5.10 with Suhosin-Patch 0.9.6.2 (cli) (built: Jan 6 2010 22:01:14) Zend Engine v2.2.0, Copyright (c) 1998-2007 Zend Technologies Then I tried it again on two different servers with the same result: PHP 5.2.6-2ubuntu4.6 with Suhosin-Patch 0.9.6.2 (cli) (built: Jan 6 2010 22:03:33) Zend Engine v2.2.0, Copyright (c) 1998-2008 Zend Technologies PHP 5.3.2-1ubuntu4.2 with Suhosin-Patch (cli) (built: May 13 2010 20:01:00) Zend Engine v2.3.0, Copyright (c) 1998-2010 Zend Technologies So now it get's more interesting... A co-worker suggested to reverse the quotes: developer(a)mypse:~$ php -r 'echo md5(strtoupper("$12345678"));' 2d05c0e3d6d22343123eae7f5678e34c Note the use of the single and double quotes are reversed. This gives me the RIGHT checksum. To me this version is syntactically wrong because the " would indicate in normal PHP to pre-parse the literal $12345678 and treat $1 as some kind of variable or something. Whereas a ' says use the literal AS IS. Not to mention that it is completely confusing that -r gives different results than -a and using it in a .php file all together. IF quotes are a factor (as they seem to be), then the -r PHP behind-the-scenes code should flip them around or something so the developer doesn't have to be concerned with this edge case nonsense. Sanity would dictate that all ways of executing the SAME PHP code would give the SAME results. *sigh*
From: Simon J Welsh on 10 Jun 2010 20:59 On 11/06/2010, at 12:49 PM, Daevid Vincent wrote: > Chew on this... > > developer(a)mypse:~$ cat ./md5test.php > #!/usr/bin/php > <?php > $password = '12345678'; > echo md5(strtoupper($password)); > echo "\n"; > echo md5(strtoupper('12345678')); > echo "\n"; > > $password = '$12345678'; > echo md5(strtoupper($password)); > echo "\n"; > echo md5(strtoupper('$12345678')); > echo "\n"; > ?> > > developer(a)mypse:~$ ./md5test.php > 25d55ad283aa400af464c76d713c07ad > 25d55ad283aa400af464c76d713c07ad > 2d05c0e3d6d22343123eae7f5678e34c > 2d05c0e3d6d22343123eae7f5678e34c > > developer(a)mypse:~$ php -r "echo md5(strtoupper('12345678'));" > 25d55ad283aa400af464c76d713c07ad > > developer(a)mypse:~$ php -a > Interactive shell > php > echo md5(strtoupper('$12345678')); > 2d05c0e3d6d22343123eae7f5678e34c > > developer(a)mypse:~$ php -r "echo md5(strtoupper('$12345678'));" > b3275960d68fda9d831facc0426c3bbc > > Why is the "-r" command line version different? > > man php: > > Using parameter -r you can directly execute PHP code simply as > you > would do inside a .php file when using the eval() function. > > developer(a)mypse:~$ php -v > PHP 5.2.4-2ubuntu5.10 with Suhosin-Patch 0.9.6.2 (cli) (built: Jan 6 2010 > 22:01:14) > Zend Engine v2.2.0, Copyright (c) 1998-2007 Zend Technologies > > Then I tried it again on two different servers with the same result: > > PHP 5.2.6-2ubuntu4.6 with Suhosin-Patch 0.9.6.2 (cli) (built: Jan 6 2010 > 22:03:33) > Zend Engine v2.2.0, Copyright (c) 1998-2008 Zend Technologies > > PHP 5.3.2-1ubuntu4.2 with Suhosin-Patch (cli) (built: May 13 2010 20:01:00) > > Zend Engine v2.3.0, Copyright (c) 1998-2010 Zend Technologies > > So now it get's more interesting... > > A co-worker suggested to reverse the quotes: > > developer(a)mypse:~$ php -r 'echo md5(strtoupper("$12345678"));' > 2d05c0e3d6d22343123eae7f5678e34c > > Note the use of the single and double quotes are reversed. This gives me > the RIGHT checksum. > > To me this version is syntactically wrong because the " would indicate in > normal PHP to pre-parse the literal $12345678 and treat $1 as some kind of > variable or something. Whereas a ' says use the literal AS IS. > > Not to mention that it is completely confusing that -r gives different > results than -a and using it in a .php file all together. > > IF quotes are a factor (as they seem to be), then the -r PHP > behind-the-scenes code should flip them around or something so the > developer doesn't have to be concerned with this edge case nonsense. > > Sanity would dictate that all ways of executing the SAME PHP code would > give the SAME results. > > *sigh* It's your shell doing what it's supposed to, by replacing $12345678, when the entire string's in double quotes, with the contents of the shell variable 12345678 (most likely nothing), so all that PHP sees is: echo md5(strtoupper('')); --- Simon Welsh Admin of http://simon.geek.nz/ Who said Microsoft never created a bug-free program? The blue screen never, ever crashes! http://www.thinkgeek.com/brain/gimme.cgi?wid=81d520e5e
|
Pages: 1 Prev: is <?= good? Next: PHP -r, -a and .php return different results based upon" or ' marks !? [BUG] |