php-general Digest 28 Nov 2013 19:11:08 -0000 Issue 8440
Topics (messages 322515 through 322527):
Re: echo count(false); == 1 ?!
322515 by: Camilo Sperberg
322516 by: Tsvetan Nikolov
322517 by: Aziz Saleh
322518 by: Tim Behrendsen
322519 by: Daevid Vincent
322521 by: Daevid Vincent
322522 by: David OBrien
322523 by: Tsvetan Nikolov
322524 by: Jim Lucas
322525 by: Sebastian Krebs
322526 by: Tsvetan Nikolov
Binded params and MySQL functions
322520 by: Camilo Sperberg
Processing the file as its being uploaded
322527 by: Marcelo Taube
Administrivia:
To subscribe to the digest, e-mail:
php-general-digest-subscr...@lists.php.net
To unsubscribe from the digest, e-mail:
php-general-digest-unsubscr...@lists.php.net
To post to the list, e-mail:
php-gene...@lists.php.net
----------------------------------------------------------------------
--- Begin Message ---
On 27 nov. 2013, at 19:04, Daevid Vincent <dae...@daevid.com> wrote:
> Really? 1?? I would have expected 0 or false or something other than
> positive. *sigh*
>
> $ php -a
> php > echo count(false);
> 1
>
>
> :-\
Same as with sizeof() btw (which is alias). I've did run into this issue a few
years ago and decided that you should check whether the argument you're passing
to count() or sizeof() is an array: problem solved.
So:
$a = $count = false;
if (is_array($a)) {
$count = count($a);
}
The "1" result is due to type conversion, well known and discussed within this
same mailing list.
unreal4u-MBP:~ unreal4u$ php -a
Interactive shell
php > $a = false;
php > print_r((array)$a);
Array
(
[0] =>
)
Greetings.
Met vriendelijke groet,
Camilo Sperberg
----------------
W: http://unreal4u.com
T: http://twitter.com/unreal4u
--- End Message ---
--- Begin Message ---
Just think about it. When was the last time you counted something and the
result was false? It makes no sense. Logically counting should return
negative, 0 or positive value.
On Wed, Nov 27, 2013 at 7:04 PM, Daevid Vincent <dae...@daevid.com> wrote:
> Really? 1?? I would have expected 0 or false or something other than
> positive. *sigh*
>
> $ php -a
> php > echo count(false);
> 1
>
>
> :-\
>
--- End Message ---
--- Begin Message ---
On Wed, Nov 27, 2013 at 1:04 PM, Daevid Vincent <dae...@daevid.com> wrote:
> Really? 1?? I would have expected 0 or false or something other than
> positive. *sigh*
>
> $ php -a
> php > echo count(false);
> 1
>
>
> :-\
>
http://us3.php.net/count
The manual is a great place to figure out why things happen a certain way.
Aziz
--- End Message ---
--- Begin Message ---
Why? count() counts the number of objects in an array. Since we're
giving it a scalar value, then it's one value. Would you expect
count(array(false)) to give a zero or a false? How about count(0) versus
count(1)?
You might be confusing false and null, which are not the same thing.
False is a boolean number, null is an empty set. You'll note that
count(null) gives a zero.
This is actually one of the cases where php is doing something logical. :)
Tim
On 11/27/2013 10:04 AM, php-general-digest-h...@lists.php.net wrote:
Really? 1?? I would have expected 0 or false or something other than
positive.*sigh*
$ php -a
php > echo count(false);
1
--- End Message ---
--- Begin Message ---
> -----Original Message-----
> From: Aziz Saleh [mailto:azizsa...@gmail.com]
> Sent: Wednesday, November 27, 2013 10:15 AM
> To: Daevid Vincent
> Cc: php-gene...@lists.php.net
> Subject: Re: [PHP] echo count(false); == 1 ?!
>
> On Wed, Nov 27, 2013 at 1:04 PM, Daevid Vincent <dae...@daevid.com> wrote:
>
> > Really? 1?? I would have expected 0 or false or something other than
> > positive. *sigh*
> >
> > $ php -a
> > php > echo count(false);
> > 1
> >
> >
> > :-\
> >
> http://us3.php.net/count
>
> The manual is a great place to figure out why things happen a certain way.
The manual page does not explain WHY that logic is used and even inconsistent
since null returns 0. It only says that it does return 1.
--- End Message ---
--- Begin Message ---
> -----Original Message-----
> From: Tsvetan Nikolov [mailto:live.websc...@gmail.com]
> Sent: Wednesday, November 27, 2013 10:15 AM
> To: Daevid Vincent
> Cc: PHP-General
> Subject: Re: [PHP] echo count(false); == 1 ?!
>
> Just think about it. When was the last time you counted something and the
> result was false? It makes no sense. Logically counting should return
> negative, 0 or positive value.
Well in my case I have a method that populates a property. The property
starts out as null (since it was never loaded). If there is an error, the
method returns false, otherwise it fills the array.
We could argue about flow/logic/etc. and how to "fix" my code.
But logically, given how null/false/0 are usually treated, almost
interchangeably, such as
$foo = false;
$foo = 0;
$foo = null;
If (!foo) ....
All do the same thing
It would stand to reason that count() would return 0 for anything that isn't
an array, as there are ZERO elements in the "array".
--- End Message ---
--- Begin Message ---
You're only counting ONE thing in this case a single boolean value so
count(false) == 1
with NULL you are counting zero things
count(null) == 0
On Wed, Nov 27, 2013 at 1:54 PM, Daevid Vincent <dae...@daevid.com> wrote:
>
>
> > -----Original Message-----
> > From: Aziz Saleh [mailto:azizsa...@gmail.com]
> > Sent: Wednesday, November 27, 2013 10:15 AM
> > To: Daevid Vincent
> > Cc: php-gene...@lists.php.net
> > Subject: Re: [PHP] echo count(false); == 1 ?!
> >
> > On Wed, Nov 27, 2013 at 1:04 PM, Daevid Vincent <dae...@daevid.com>
> wrote:
> >
> > > Really? 1?? I would have expected 0 or false or something other than
> > > positive. *sigh*
> > >
> > > $ php -a
> > > php > echo count(false);
> > > 1
> > >
> > >
> > > :-\
> > >
> > http://us3.php.net/count
> >
> > The manual is a great place to figure out why things happen a certain
> way.
>
> The manual page does not explain WHY that logic is used and even
> inconsistent since null returns 0. It only says that it does return 1.
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
--- End Message ---
--- Begin Message ---
I accept your argument as logical but look at the documentation:
count() accepts 2 arguments. The first should be: "An array or countable
object". From here I can tell you that 90% of your cases do not comply with
the documentation so any argument pro or against us just speculation.
Comply with the documentation and then file bugs ;) null is neither an
array nor countable object. false also falls in that group! Use is_null for
null values or compare with true/false for bool. If you don't know the
possible range of your data the problem is not php ;)
On Wed, Nov 27, 2013 at 7:58 PM, Daevid Vincent <dae...@daevid.com> wrote:
>
>
> > -----Original Message-----
> > From: Tsvetan Nikolov [mailto:live.websc...@gmail.com]
> > Sent: Wednesday, November 27, 2013 10:15 AM
> > To: Daevid Vincent
> > Cc: PHP-General
> > Subject: Re: [PHP] echo count(false); == 1 ?!
> >
> > Just think about it. When was the last time you counted something and the
> > result was false? It makes no sense. Logically counting should return
> > negative, 0 or positive value.
>
> Well in my case I have a method that populates a property. The property
> starts out as null (since it was never loaded). If there is an error, the
> method returns false, otherwise it fills the array.
>
> We could argue about flow/logic/etc. and how to "fix" my code.
>
> But logically, given how null/false/0 are usually treated, almost
> interchangeably, such as
>
> $foo = false;
> $foo = 0;
> $foo = null;
>
> If (!foo) ....
> All do the same thing
>
> It would stand to reason that count() would return 0 for anything that
> isn't
> an array, as there are ZERO elements in the "array".
>
>
>
>
--- End Message ---
--- Begin Message ---
On 11/27/2013 10:04 AM, Daevid Vincent wrote:
Really? 1?? I would have expected 0 or false or something other than
positive. *sigh*
$ php -a
php > echo count(false);
1
:-\
So, in the manual [1], it says that count expects either an array [2] or
countable object [3] as the first param. If you pass it something other then
those two types, why would expect it to behave as if you had passed it an
array? I would think one should expect unexpected results if giving
unexpected input.
1 http://php.net/count#refsect1-function.count-description
2 http://us3.php.net/manual/en/language.types.array.php
3 http://us3.php.net/manual/en/class.countable.php
--
Jim Lucas
http://www.cmsws.com/
http://www.cmsws.com/examples/
--- End Message ---
--- Begin Message ---
2013/11/27 Daevid Vincent <dae...@daevid.com>
>
>
> > -----Original Message-----
> > From: Aziz Saleh [mailto:azizsa...@gmail.com]
> > Sent: Wednesday, November 27, 2013 10:15 AM
> > To: Daevid Vincent
> > Cc: php-gene...@lists.php.net
> > Subject: Re: [PHP] echo count(false); == 1 ?!
> >
> > On Wed, Nov 27, 2013 at 1:04 PM, Daevid Vincent <dae...@daevid.com>
> wrote:
> >
> > > Really? 1?? I would have expected 0 or false or something other than
> > > positive. *sigh*
> > >
> > > $ php -a
> > > php > echo count(false);
> > > 1
> > >
> > >
> > > :-\
> > >
> > http://us3.php.net/count
> >
> > The manual is a great place to figure out why things happen a certain
> way.
>
> The manual page does not explain WHY that logic is used and even
> inconsistent since null returns 0. It only says that it does return 1.
>
Actually it does, but on a different page [1], because at the end it
behaves like "count((array) $foo)"
> For any of the types: integer, float, string, boolean and resource,
converting a value to an array results in an array with a single element
with
> index zero and the value of the scalar which was converted. In other
words, (array)$scalarValue is exactly the same as array($scalarValue).
And some lines below
> Converting NULL to an array results in an empty array.
[1] php.net/language.types.array.php#language.types.array.casting
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
--
github.com/KingCrunch
--- End Message ---
--- Begin Message ---
very nice explanation!
On Wed, Nov 27, 2013 at 8:49 PM, Sebastian Krebs <krebs....@gmail.com>wrote:
> 2013/11/27 Daevid Vincent <dae...@daevid.com>
>
> >
> >
> > > -----Original Message-----
> > > From: Aziz Saleh [mailto:azizsa...@gmail.com]
> > > Sent: Wednesday, November 27, 2013 10:15 AM
> > > To: Daevid Vincent
> > > Cc: php-gene...@lists.php.net
> > > Subject: Re: [PHP] echo count(false); == 1 ?!
> > >
> > > On Wed, Nov 27, 2013 at 1:04 PM, Daevid Vincent <dae...@daevid.com>
> > wrote:
> > >
> > > > Really? 1?? I would have expected 0 or false or something other than
> > > > positive. *sigh*
> > > >
> > > > $ php -a
> > > > php > echo count(false);
> > > > 1
> > > >
> > > >
> > > > :-\
> > > >
> > > http://us3.php.net/count
> > >
> > > The manual is a great place to figure out why things happen a certain
> > way.
> >
> > The manual page does not explain WHY that logic is used and even
> > inconsistent since null returns 0. It only says that it does return 1.
> >
>
> Actually it does, but on a different page [1], because at the end it
> behaves like "count((array) $foo)"
>
> > For any of the types: integer, float, string, boolean and resource,
> converting a value to an array results in an array with a single element
> with
> > index zero and the value of the scalar which was converted. In other
> words, (array)$scalarValue is exactly the same as array($scalarValue).
>
> And some lines below
>
> > Converting NULL to an array results in an empty array.
>
>
> [1] php.net/language.types.array.php#language.types.array.casting
>
>
>
> >
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
> >
>
>
> --
> github.com/KingCrunch
>
--- End Message ---
--- Begin Message ---
Good evening list:
Some time ago, one of the sites I was working for suffered a DDoS attack which
involved binded parameters and MySQL.
The code to reproduce can be as simple as:
$stmt = $mysqli->prepare("SELECT * FROM t1 WHERE id = ?");
$stmt->bind_param('s', 'SLEEP(1)');
Logically (according to my logic which isn't always the right logic), the final
query should be:
SELECT * FROM t1 WHERE id = 'SLEEP(1)'
However, in some part of the database layer, the query gets rewritten to this
instead:
SELECT * FROM t1 WHERE id = SLEEP(1)
Which results in the query taking a pause of one second for the size of the
result set or cardinality of the index, so LIMITing doesn't matter.
So... my questions are:
1- Why? Binded params are supposed to translate user input into save database
statements. I know that isn't a guarantee that it will stop 100% of all
evilness out there, but to me, this is and should be considered as a string,
not a proper function.
2- Where does this happen? I have tested RedBean PHP (which uses PDO) and the
mysqli connector, it is reproducible on both, so is this MySQL's behavior?
3- Do you know of any other sensitive function that can produce a security
breach/performance degrade? I'm talking about maybe USLEEP() or some intense PI
calculation (something in the line as SELECT PI(123123123123); where
123123123123 is the number of PI digits we want to have).
Greetings.
Met vriendelijke groet,
Camilo Sperberg
----------------
W: http://unreal4u.com
T: http://twitter.com/unreal4u
--- End Message ---
--- Begin Message ---
Hello,
I want to write a php script which process a file being upload to the
server, to check contentes and stores it on the fly, as its being uploaded.
My goal is to avoid using the memory needed to hold the whole file, and
instead just upload it and forgetting the parts already processed.
I have seen that this "streaming" interface of file uploads exist for HTTP
PUT method but could not find info on how to do it using POST.
So, is there any way of configuring PHP or APACHE to provide uploaded files
using POST in a streaming fashion?
If this is not possible, is it because an instrinsic limit of the HTTP
protocol? a limit on the apache architecture? or a design decision in PHP?
And last, in PUT method, are I warrantied that the input in stdin comes
directly to the PHP script or should i expect apache to pre buffer the
whole file and then just start to send it?
Thank you
--- End Message ---