Edit report at http://bugs.php.net/bug.php?id=53210&edit=1
ID: 53210
Comment by: exilianmelody at gmail dot com
Reported by: yoyahack at undersecurity dot net
Summary: mysql_fetch_assoc (mysql_query (SQL) inside a while
loop can cause DoS
Status: Open
Type: Bug
Package: Filesystem function related
Operating System: Fedora 13
PHP Version: 5.3.3
Block user comment: N
New Comment:
i am so sorry for leaved my incorrect mail adress,:)
Previous Comments:
------------------------------------------------------------------------
[2010-11-01 08:12:54] exilianmelody at google dot com
hi,buddy, in my thought,you just have a structure mistake,because in
while loop,it have to have a static value,but your argument is a dynamic
generated,so everytime anyhow the while loop is true,and each output
record is the first item in your table,except your table is empty.solve
it below:
$link = mysql_connect('127.0.0.1','root', 'root');
mysql_select_db('test', $link);
$resouce = mysql_query('select * from table', $link);
while($row = mysql_fetch_assoc($resource))
{
echo $row['col1'].nl2br('/r');
}
------------------------------------------------------------------------
[2010-10-30 22:54:59] yoyahack at undersecurity dot net
Description:
------------
If income mysql_fetch_assoc (mysql_query (SQL) within a while loop cause
denial
of service
Test script:
---------------
<?php
$link = mysql_connect('127.0.0.1','user', 'pass');
mysql_select_db('db', $link);
while($row = mysql_fetch_assoc(mysql_query('select * from table',
$link)))
{
echo $row['id'];
}
?>
Expected result:
----------------
it generates an infinite loop that never ends
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/bug.php?id=53210&edit=1
