Hi, On Mon, 6 Oct 2003, Mark Charette wrote:
> > Strings in PHP are binary safe and thus do not rely on null temrination. > > You are, of course, right (just a brainfart on my part ...). > > There are a number of functions that depend on null termination of > strings; handing a string with embedded nulls in it to those functions may > result in "interesting" things happening .... And is somewhere written which functions depend on null termination? example 1: I know that this URL is not the correct one (RFC 1738), but if the 0x01 is encoded to \x01 why the 0x00 is not? $a = "http://xxx/test?a=aaa".chr(1).chr(2).chr(0)."bbb"; include($a); (it is requesting: http://xxx/test?a=aaa\x01\x02) example 2: $a = "1234 abc".chr(1).chr(0)."def"; $b = escapeshellcmd($a); echo $b; [$b is "1234 abc".chr(1)] Martin Straka -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
