On Fri, 19 Oct 2001, Malcolm Moore wrote:
> I would have hoped that a reversed < wouldn't have displayed the user name
> and password
>
> best wishes
>
*It doesn't*
you've hardcoded your username and password into the php file, when
you don't have the php start tag correct, then how would php know
what type of data is there, so it appropriately spits out your
unparsed code.
-Sterling
> mal
>
> -----Original Message-----
> From: Bug Database [mailto:[EMAIL PROTECTED]]
> Sent: 19 October 2001 13:57
> To: [EMAIL PROTECTED]
> Subject: Bug #13749 Updated: >?php instead of <?php displays password
> and user info
>
>
> ID: 13749
> Updated by: derick
> Reported By: [EMAIL PROTECTED]
> Old Status: Open
> Status: Bogus
> Bug Type: MySQL related
> Operating System: Linux
> PHP Version: 4.0.6
> New Comment:
>
> PHP can not guard for typing errors. It's your own responsility.
> Not a bug > bogus.
>
> Derick
>
> Previous Comments:
> ------------------------------------------------------------------------
>
> [2001-10-19 08:50:18] [EMAIL PROTECTED]
>
> If you have a script that talks to a MySQL db and includes an inc in another
> directory with the login part of the script and you mistype the start as
> >?php instead of <?php then php returns the text of the inc file ( which
> contains the ip address, username and password of the mysql server )
> This is what the script returned ( with real info which I have removed )
>
> <?xml version="1.0" encoding="ISO-8859-1" standalone="no"?>
> >?php
> #
> #dbconnect.inc
> #
> function &dbconnect()
> {
> $link=@mysql_connect ("172.nnn.nnn.nn","xxxxx","yyyyyy");
> if ($link && mysql_select_db ("pwtdb"))
> {
> $dbok="True";
> return $dbok;
> }
> else
> {
> $dbok="False";
> return $dbok;
> }
> }
> ?><br>
> <b>Fatal error</b>: Call to undefined function: dbconnect() in
> <b>/usr/local/apache/htdocs/pwtvalidate.php</b> on line <b>37</b><br>
>
>
>
>
> ------------------------------------------------------------------------
>
>
>
> ATTENTION! Do NOT reply to this email!
> To reply, use the web interface found at
> http://bugs.php.net/?id=13749&edit=2
>
>
> **********************************************************************
> This email is intended only for the addressee. This email
> and any files transmitted with it may contain confidential
> or privileged information. If you are not the named
> addressee or the person responsible for delivering the
> message to the named addressee, please contact
> [EMAIL PROTECTED]
>
> This email has been scanned by MIMEsweeper.
>
> Visit the Prebon Marshall Yamane web site at
> http://www.prebon.com
> **********************************************************************
>
>
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
