|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #13749 >?php instead of <?php displays password and user info
Submitted: 2001-10-19 08:50 UTC Modified: 2001-10-19 08:56 UTC
Avg. Score:1.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: malcolm at prebon dot co dot uk Assigned:
Status: Not a bug Package: MySQL related
PHP Version: 4.0.6 OS: Linux
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Bug Type:
From: malcolm at prebon dot co dot uk
New email:
PHP Version: OS:


 [2001-10-19 08:50 UTC] malcolm at prebon dot co dot uk
If you have a script that talks to a MySQL db and includes an inc in another directory with the login part of the script and you mistype the start as >?php instead of <?php then php returns the text of the inc file ( which contains the ip address, username and password of the mysql server )
This is what the script returned ( with real info which I have removed )

<?xml version="1.0" encoding="ISO-8859-1" standalone="no"?>
function &dbconnect()
	$link=@mysql_connect ("172.nnn.nnn.nn","xxxxx","yyyyyy");
	if ($link && mysql_select_db ("pwtdb"))
		return $dbok;
		return $dbok;
<b>Fatal error</b>:  Call to undefined function:  dbconnect() in <b>/usr/local/apache/htdocs/pwtvalidate.php</b> on line <b>37</b><br>


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2001-10-19 08:56 UTC]
PHP can not guard for typing errors. It's your own responsility.
Not a bug > bogus.

PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sun Jul 14 14:01:27 2024 UTC