go to bug id or search bugs for
NULL bytes in the source code seem to confuse PHP. See test script below. The
code in the file is not executed, and no error or warning is shown.
The result is the same if you run it from the command line or from a web server
(ruling out a web server problem).
This bug has been discovered on MacOS X (10.6.8) with a default, unpatched PHP
5.3.6; but it has been reproduced (so far) as well on Debian 2.6.26-2 with the
most recent version of PHP.
It does not matter where the null byte(s) is/are placed. They can even be inside
I discovered this bug by accident as I had inadvertently copied a NULL-byte into
a comment inside a file that I was require()'ing from elsewhere. The require()'d
code was not run, but, even with error_reporting(-1), no warning or error
message was displayed. I couldn't figure out what was wrong until I looked at
the file with a text editor that can make non-printing characters visible.
Removing the NULL byte fixed the problem.
This is a 1-line PHP script that contains a single NULL byte:
Just showing printable chars, the contents of this file is:
<?php echo "Hi"; ?>
The NULL byte is located after the closing semicolon. (However, the exact location is irrelevant in order to reproduce the bug.)
The string 'Hi' should be output.
Instead, PHP outputs a number of non-printing characters (usually shown as
question marks). Depending on the position and number of NULL bytes in the source
code, the output may also be nothing at all.
Add a Patch
Add a Pull Request
you must compile your php with zend-multibyte supporting.
try this, php -ddetect_unicode = 0 test.php
I think this is not a bug, but a side-effect of zend multibyte auto-unicode-
sorry, I mean, you must compiled your php with zend-multibyte supprot. :)
Well, but since it occurs with the default (factory) config/installation of at
least two systems, it could be considered a bug. In either way, the behaviour that
is observed is unexpected, and at least some kind of warning/informational message
should be output.
Oh and BTW, zend_multibyte *is* enabled in my install.
Configure Command => '/private/var/tmp/apache_mod_php/apache_mod_php-
53.6~2/php/configure' '--prefix=/usr' '--mandir=/usr/share/man' '--
infodir=/usr/share/info' '--disable-dependency-tracking' '--
sysconfdir=/private/etc' '--with-apxs2=/usr/sbin/apxs' '--enable-cli' '--with-
config-file-path=/etc' '--with-libxml-dir=/usr' '--with-openssl=/usr' '--with-
kerberos=/usr' '--with-zlib=/usr' '--enable-bcmath' '--with-bz2=/usr' '--enable-
calendar' '--with-curl=/usr' '--enable-exif' '--enable-ftp' '--with-gd' '--with-
'--enable-gd-native-ttf' '--with-ldap=/usr' '--with-ldap-sasl=/usr' '--enable-
mbstring' '--enable-mbregex' '--with-mysql=mysqlnd' '--with-mysqli=mysqlnd' '--
with-pdo-mysql=mysqlnd' '--with-mysql-sock=/var/mysql/mysql.sock' '--without-
pear' '--with-iodbc=/usr' '--enable-shmop' '--with-snmp=/usr' '--enable-soap' '-
-enable-sockets' '--enable-sysvmsg' '--enable-sysvsem' '--enable-sysvshm' '--
enable-wddx' '--with-xmlrpc' '--with-iconv-dir=/usr' '--with-xsl=/usr' '--
enable-zend-multibyte' '--enable-zip' '--with-pcre-regex=/usr'
yes, my english is a little poor, I meant that because you have compiled your php
with zend muiltbyte enabled, so the NULL byte in the script trigger auto-detect-
so you can suppress this mechanism by -d detect_unicode=Off (or configed in