On 11/06/2010, at 12:49 PM, Daevid Vincent wrote:
> Chew on this...
>
> develo...@mypse:~$ cat ./md5test.php
> #!/usr/bin/php
> $password = '12345678';
> echo md5(strtoupper($password));
> echo "\n";
> echo md5(strtoupper('12345678'));
> echo "\n";
>
> $password = '$12345678';
> echo md5(strtoupper($password));
> echo "\n";
> echo md5(strtoupper('$12345678'));
> echo "\n";
> ?>
>
> develo...@mypse:~$ ./md5test.php
> 25d55ad283aa400af464c76d713c07ad
> 25d55ad283aa400af464c76d713c07ad
> 2d05c0e3d6d22343123eae7f5678e34c
> 2d05c0e3d6d22343123eae7f5678e34c
>
> develo...@mypse:~$ php -r "echo md5(strtoupper('12345678'));"
> 25d55ad283aa400af464c76d713c07ad
>
> develo...@mypse:~$ php -a
> Interactive shell
> php > echo md5(strtoupper('$12345678'));
> 2d05c0e3d6d22343123eae7f5678e34c
>
> develo...@mypse:~$ php -r "echo md5(strtoupper('$12345678'));"
> b3275960d68fda9d831facc0426c3bbc
>
> Why is the "-r" command line version different?
>
> man php:
>
> Using parameter -r you can directly execute PHP code simply as
> you
> would do inside a .php file when using the eval() function.
>
> develo...@mypse:~$ php -v
> PHP 5.2.4-2ubuntu5.10 with Suhosin-Patch 0.9.6.2 (cli) (built: Jan 6 2010
> 22:01:14)
> Zend Engine v2.2.0, Copyright (c) 1998-2007 Zend Technologies
>
> Then I tried it again on two different servers with the same result:
>
> PHP 5.2.6-2ubuntu4.6 with Suhosin-Patch 0.9.6.2 (cli) (built: Jan 6 2010
> 22:03:33)
> Zend Engine v2.2.0, Copyright (c) 1998-2008 Zend Technologies
>
> PHP 5.3.2-1ubuntu4.2 with Suhosin-Patch (cli) (built: May 13 2010 20:01:00)
>
> Zend Engine v2.3.0, Copyright (c) 1998-2010 Zend Technologies
>
> So now it get's more interesting...
>
> A co-worker suggested to reverse the quotes:
>
> develo...@mypse:~$ php -r 'echo md5(strtoupper("$12345678"));'
> 2d05c0e3d6d22343123eae7f5678e34c
>
> Note the use of the single and double quotes are reversed. This gives me
> the RIGHT checksum.
>
> To me this version is syntactically wrong because the " would indicate in
> normal PHP to pre-parse the literal $12345678 and treat $1 as some kind of
> variable or something. Whereas a ' says use the literal AS IS.
>
> Not to mention that it is completely confusing that -r gives different
> results than -a and using it in a .php file all together.
>
> IF quotes are a factor (as they seem to be), then the -r PHP
> behind-the-scenes code should flip them around or something so the
> developer doesn't have to be concerned with this edge case nonsense.
>
> Sanity would dictate that all ways of executing the SAME PHP code would
> give the SAME results.
>
> *sigh*
It's your shell doing what it's supposed to, by replacing $12345678, when the
entire string's in double quotes, with the contents of the shell variable
12345678 (most likely nothing), so all that PHP sees is: echo
md5(strtoupper(''));
---
Simon Welsh
Admin of http://simon.geek.nz/
Who said Microsoft never created a bug-free program? The blue screen never,
ever crashes!
http://www.thinkgeek.com/brain/gimme.cgi?wid=81d520e5e
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php