php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #13749 >?php instead of <?php displays password and user info
Submitted: 2001-10-19 08:50 UTC Modified: 2001-10-19 08:56 UTC
Votes:1
Avg. Score:1.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: malcolm at prebon dot co dot uk Assigned:
Status: Not a bug Package: MySQL related
PHP Version: 4.0.6 OS: Linux
Private report: No CVE-ID: None
View Add Comment Developer Edit
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please !
Your email address:
MUST BE VALID
Solve the problem:
35 - 6 = ?
Subscribe to this entry?

 
 [2001-10-19 08:50 UTC] malcolm at prebon dot co dot uk
If you have a script that talks to a MySQL db and includes an inc in another directory with the login part of the script and you mistype the start as >?php instead of <?php then php returns the text of the inc file ( which contains the ip address, username and password of the mysql server )
This is what the script returned ( with real info which I have removed )

<?xml version="1.0" encoding="ISO-8859-1" standalone="no"?>
>?php
#
#dbconnect.inc
#
function &dbconnect()
{
	$link=@mysql_connect ("172.nnn.nnn.nn","xxxxx","yyyyyy");
	if ($link && mysql_select_db ("pwtdb"))
	{
		$dbok="True";
		return $dbok;
	}
	else
	{
		$dbok="False";
		return $dbok;
	}
}
?><br>
<b>Fatal error</b>:  Call to undefined function:  dbconnect() in <b>/usr/local/apache/htdocs/pwtvalidate.php</b> on line <b>37</b><br>



Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2001-10-19 08:56 UTC] derick@php.net
PHP can not guard for typing errors. It's your own responsility.
Not a bug > bogus.

Derick
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Mar 28 10:01:26 2024 UTC