phaq

Think about retrieving a data set from MySQL, where you need to add distinct, auto-incremented ID to each row retrieved. Sounds easy?

Well, the ID has to be generated on-the-fly and out of nowhere. Still easy?

One might think about using MySQL user variables to accomplish this, sure. But what if your framework does not allow injecting chained queries because of SQL injection countermeasures?
Read more…

While working on my newest project, a PHP- and AJAX-based network management application, I came along the need to run multiple commands on the server and track their return states (basically if they were run successful or not).

While sticking together my framework, I found that forking a process into background from PHP requires some additional steps if you don’t want to break AJAX functionality.
Read more…

Today I had to add the PHP ‘bcmath’ extension to my FreeBSD host.
Actually, that’s a fairly easy one-liner:


[root@localhost ~]# cd /usr/ports/math/php5-bcmath && make clean install


However, I ended up with a crude error message:

Cannot find autoconf. Please check your autoconf installation and the
$PHP_AUTOCONF environment variable. Then, rerun this script.

Bummer! So let’s see how to fix this.
Read more…

Gosh, some things really shouldn’t be done!
One thing for example is that stupid attitude to “scramble” PHP code by nesting it a zillion times using eval(), gz_deflate(), base64_encode() and str_rot13.
You find this in some “freely” available PHP scripts and some WordPress Themes as well. Actually nobody seems to care, that this may be well worth considering as a huge security hole!
Read more…

Thinking about security risks of obfuscated PHP code found in some freely available PHP scripts and WordPress themes, I wrote a quick’n'dirty De-Scrambler.
Read more…