Prev: PHP -r, -a and .php return different results based upon " or ' marks !? [BUG]
Next: How does php server identify that the particular session belongsto particular user
From: Ashley Sheridan on 10 Jun 2010 20:59 On Thu, 2010-06-10 at 17:49 -0700, Daevid Vincent wrote: > Chew on this... > > developer(a)mypse:~$ cat ./md5test.php > #!/usr/bin/php > <?php > $password = '12345678'; > echo md5(strtoupper($password)); > echo "\n"; > echo md5(strtoupper('12345678')); > echo "\n"; > > $password = '$12345678'; > echo md5(strtoupper($password)); > echo "\n"; > echo md5(strtoupper('$12345678')); > echo "\n"; > ?> > > developer(a)mypse:~$ ./md5test.php > 25d55ad283aa400af464c76d713c07ad > 25d55ad283aa400af464c76d713c07ad > 2d05c0e3d6d22343123eae7f5678e34c > 2d05c0e3d6d22343123eae7f5678e34c > > developer(a)mypse:~$ php -r "echo md5(strtoupper('12345678'));" > 25d55ad283aa400af464c76d713c07ad > > developer(a)mypse:~$ php -a > Interactive shell > php > echo md5(strtoupper('$12345678')); > 2d05c0e3d6d22343123eae7f5678e34c > > developer(a)mypse:~$ php -r "echo md5(strtoupper('$12345678'));" > b3275960d68fda9d831facc0426c3bbc > > Why is the "-r" command line version different? > > man php: > > Using parameter -r you can directly execute PHP code simply as > you > would do inside a .php file when using the eval() function. > > developer(a)mypse:~$ php -v > PHP 5.2.4-2ubuntu5.10 with Suhosin-Patch 0.9.6.2 (cli) (built: Jan 6 2010 > 22:01:14) > Zend Engine v2.2.0, Copyright (c) 1998-2007 Zend Technologies > > Then I tried it again on two different servers with the same result: > > PHP 5.2.6-2ubuntu4.6 with Suhosin-Patch 0.9.6.2 (cli) (built: Jan 6 2010 > 22:03:33) > Zend Engine v2.2.0, Copyright (c) 1998-2008 Zend Technologies > > PHP 5.3.2-1ubuntu4.2 with Suhosin-Patch (cli) (built: May 13 2010 20:01:00) > > Zend Engine v2.3.0, Copyright (c) 1998-2010 Zend Technologies > > So now it get's more interesting... > > A co-worker suggested to reverse the quotes: > > developer(a)mypse:~$ php -r 'echo md5(strtoupper("$12345678"));' > 2d05c0e3d6d22343123eae7f5678e34c > > Note the use of the single and double quotes are reversed. This gives me > the RIGHT checksum. > > To me this version is syntactically wrong because the " would indicate in > normal PHP to pre-parse the literal $12345678 and treat $1 as some kind of > variable or something. Whereas a ' says use the literal AS IS. > > Not to mention that it is completely confusing that -r gives different > results than -a and using it in a .php file all together. > > IF quotes are a factor (as they seem to be), then the -r PHP > behind-the-scenes code should flip them around or something so the > developer doesn't have to be concerned with this edge case nonsense. > > Sanity would dictate that all ways of executing the SAME PHP code would > give the SAME results. > > *sigh* > > I believe that when you're running the PHP with the -r, the quotation marks are treated as Bash (or whichever shell you're using) quotes, and so the variable is possibly being parsed as an empty string value, which is why reversing the quotes is having the right effect. Thanks, Ash http://www.ashleysheridan.co.uk |