SlideShare a Scribd company logo

PHP WTF

M
markstory

PHP is a funny language, this lightning talk shows some of the funnyness.

Software
1 of 9
Download to read offline
PHP WTH A short tour of pain & fire.
list() list($a, $a) = array(1, 2, 3, 4); echo $a; // 1 // WTH
in_array() $a = array('7.1'); $exists = in_array('7.10', $a); var_dump($exists); // true // WTH
Private ORLY class Human { private $name; function __construct($name) { $this->name = $name; } public function touch($human) { echo “Touched $human->name”; } } $sally = new Human(‘sally’); $joe = new Human(‘joe’); $sally->touch($joe); // Touched joe
== $a = 0; $b = 'x'; false == $a; // true $a == $b; // true $b == true; // true // FFFFFFUUUUUU
Post increment $a = 4; echo $a+++$a++; // 9 // WAT
Floats $a = 0.1 * 0.1; var_dump($a); // double(0.01) var_dump($a == 0.01); // false // ARRRRRGGGG
Ternaries echo (true ? 'Foo' : false ? 'Bar' : ‘Baz' ); // Bar // NOOOOOO
Be Careful

Recommended

Android Pentesting
Android PentestingAndroid Pentesting
Android Pentesting
n|u - The Open Security Community
 
Bsides SP 2022 - EPSS - Final.pptx
Bsides SP 2022 - EPSS - Final.pptxBsides SP 2022 - EPSS - Final.pptx
Bsides SP 2022 - EPSS - Final.pptx
Clavis Segurança da Informação
 
Pentesting react native application for fun and profit - Abdullah
Pentesting react native application for fun and profit - AbdullahPentesting react native application for fun and profit - Abdullah
Pentesting react native application for fun and profit - Abdullah
idsecconf
 
Deep understanding on Cross-Site Scripting and SQL Injection
Deep understanding on Cross-Site Scripting and SQL InjectionDeep understanding on Cross-Site Scripting and SQL Injection
Deep understanding on Cross-Site Scripting and SQL Injection
Vishal Kumar
 
SQL Injection
SQL Injection SQL Injection
SQL Injection
Adhoura Academy
 
Sql injection
Sql injectionSql injection
Sql injection
Nikunj Dhameliya
 
Advanced SQL injection to operating system full control (whitepaper)
Advanced SQL injection to operating system full control (whitepaper)Advanced SQL injection to operating system full control (whitepaper)
Advanced SQL injection to operating system full control (whitepaper)
Bernardo Damele A. G.
 
DNS exfiltration using sqlmap
DNS exfiltration using sqlmapDNS exfiltration using sqlmap
DNS exfiltration using sqlmap
Miroslav Stampar
 

Recommended

Android Pentesting
Android PentestingAndroid Pentesting
Android Pentesting
n|u - The Open Security Community
 
Bsides SP 2022 - EPSS - Final.pptx
Bsides SP 2022 - EPSS - Final.pptxBsides SP 2022 - EPSS - Final.pptx
Bsides SP 2022 - EPSS - Final.pptx
Clavis Segurança da Informação
 
Pentesting react native application for fun and profit - Abdullah
Pentesting react native application for fun and profit - AbdullahPentesting react native application for fun and profit - Abdullah
Pentesting react native application for fun and profit - Abdullah
idsecconf
 
Deep understanding on Cross-Site Scripting and SQL Injection
Deep understanding on Cross-Site Scripting and SQL InjectionDeep understanding on Cross-Site Scripting and SQL Injection
Deep understanding on Cross-Site Scripting and SQL Injection
Vishal Kumar
 
SQL Injection
SQL Injection SQL Injection
SQL Injection
Adhoura Academy
 
Sql injection
Sql injectionSql injection
Sql injection
Nikunj Dhameliya
 
Advanced SQL injection to operating system full control (whitepaper)
Advanced SQL injection to operating system full control (whitepaper)Advanced SQL injection to operating system full control (whitepaper)
Advanced SQL injection to operating system full control (whitepaper)
Bernardo Damele A. G.
 
DNS exfiltration using sqlmap
DNS exfiltration using sqlmapDNS exfiltration using sqlmap
DNS exfiltration using sqlmap
Miroslav Stampar
 
OWASP AppSecCali 2015 - Marshalling Pickles
OWASP AppSecCali 2015 - Marshalling PicklesOWASP AppSecCali 2015 - Marshalling Pickles
OWASP AppSecCali 2015 - Marshalling Pickles
Christopher Frohoff
 
Sql injection
Sql injectionSql injection
Sql injection
Nuruzzaman Milon
 
Heuristic methods used in sqlmap
Heuristic methods used in sqlmapHeuristic methods used in sqlmap
Heuristic methods used in sqlmap
Miroslav Stampar
 
Java card technology
Java card technologyJava card technology
Java card technology
Keerthi Thomas
 
How to identify and prevent SQL injection
How to identify and prevent SQL injection How to identify and prevent SQL injection
How to identify and prevent SQL injection
Eguardian Global Services
 
Exception handling
Exception handlingException handling
Exception handling
Anna Pietras
 
SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya Morimoto
SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya MorimotoSQL Injection 101 : It is not just about ' or '1'='1 - Pichaya Morimoto
SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya Morimoto
Pichaya Morimoto
 
Security in PHP - 那些在滲透測試的小技巧
Security in PHP - 那些在滲透測試的小技巧Security in PHP - 那些在滲透測試的小技巧
Security in PHP - 那些在滲透測試的小技巧
Orange Tsai
 
Java Deserialization Vulnerabilities - The Forgotten Bug Class
Java Deserialization Vulnerabilities - The Forgotten Bug ClassJava Deserialization Vulnerabilities - The Forgotten Bug Class
Java Deserialization Vulnerabilities - The Forgotten Bug Class
CODE WHITE GmbH
 
Exploiting Deserialization Vulnerabilities in Java
Exploiting Deserialization Vulnerabilities in JavaExploiting Deserialization Vulnerabilities in Java
Exploiting Deserialization Vulnerabilities in Java
CODE WHITE GmbH
 
No Onions, No Tiers - An Introduction to Vertical Slice Architecture by Bill ...
No Onions, No Tiers - An Introduction to Vertical Slice Architecture by Bill ...No Onions, No Tiers - An Introduction to Vertical Slice Architecture by Bill ...
No Onions, No Tiers - An Introduction to Vertical Slice Architecture by Bill ...
Alex Cachia
 
SQL injection prevention techniques
SQL injection prevention techniquesSQL injection prevention techniques
SQL injection prevention techniques
SongchaiDuangpan
 
Sql Injection attacks and prevention
Sql Injection attacks and preventionSql Injection attacks and prevention
Sql Injection attacks and prevention
helloanand
 
Not so blind SQL Injection
Not so blind SQL InjectionNot so blind SQL Injection
Not so blind SQL Injection
Francisco Ribeiro
 
Methods to Bypass a Web Application Firewall Eng
Methods to Bypass a Web Application Firewall EngMethods to Bypass a Web Application Firewall Eng
Methods to Bypass a Web Application Firewall Eng
Dmitry Evteev
 
Implicit object.pptx
Implicit object.pptxImplicit object.pptx
Implicit object.pptx
chakrapani tripathi
 
Sql Injection - Vulnerability and Security
Sql Injection - Vulnerability and SecuritySql Injection - Vulnerability and Security
Sql Injection - Vulnerability and Security
Sandip Chaudhari
 
Thick Application Penetration Testing: Crash Course
Thick Application Penetration Testing: Crash CourseThick Application Penetration Testing: Crash Course
Thick Application Penetration Testing: Crash Course
Scott Sutherland
 
Understanding Cross-site Request Forgery
Understanding Cross-site Request ForgeryUnderstanding Cross-site Request Forgery
Understanding Cross-site Request Forgery
Daniel Miessler
 
Cross Site Scripting - Web Defacement Techniques
Cross Site Scripting - Web Defacement TechniquesCross Site Scripting - Web Defacement Techniques
Cross Site Scripting - Web Defacement Techniques
Ronan Dunne, CEH, SSCP
 
Php internal architecture
Php internal architecturePhp internal architecture
Php internal architecture
Elizabeth Smith
 
PHP 7 performances from PHP 5
PHP 7 performances from PHP 5PHP 7 performances from PHP 5
PHP 7 performances from PHP 5
julien pauli
 

More Related Content

What's hot

Security in PHP - 那些在滲透測試的小技巧
Security in PHP - 那些在滲透測試的小技巧Security in PHP - 那些在滲透測試的小技巧
Security in PHP - 那些在滲透測試的小技巧
Orange Tsai
 
Not so blind SQL Injection
Not so blind SQL InjectionNot so blind SQL Injection
Not so blind SQL Injection
Francisco Ribeiro
 
Methods to Bypass a Web Application Firewall Eng
Methods to Bypass a Web Application Firewall EngMethods to Bypass a Web Application Firewall Eng
Methods to Bypass a Web Application Firewall Eng
Dmitry Evteev
 
Cross Site Scripting - Web Defacement Techniques
Cross Site Scripting - Web Defacement TechniquesCross Site Scripting - Web Defacement Techniques
Cross Site Scripting - Web Defacement Techniques
Ronan Dunne, CEH, SSCP
 

What's hot (20)

OWASP AppSecCali 2015 - Marshalling Pickles
OWASP AppSecCali 2015 - Marshalling PicklesOWASP AppSecCali 2015 - Marshalling Pickles
OWASP AppSecCali 2015 - Marshalling Pickles
 
Sql injection
Sql injectionSql injection
Sql injection
 
Heuristic methods used in sqlmap
Heuristic methods used in sqlmapHeuristic methods used in sqlmap
Heuristic methods used in sqlmap
 
Java card technology
Java card technologyJava card technology
Java card technology
 
How to identify and prevent SQL injection
How to identify and prevent SQL injection How to identify and prevent SQL injection
How to identify and prevent SQL injection
 
Exception handling
Exception handlingException handling
Exception handling
 
SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya Morimoto
SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya MorimotoSQL Injection 101 : It is not just about ' or '1'='1 - Pichaya Morimoto
SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya Morimoto
 
Security in PHP - 那些在滲透測試的小技巧
Security in PHP - 那些在滲透測試的小技巧Security in PHP - 那些在滲透測試的小技巧
Security in PHP - 那些在滲透測試的小技巧
 
Java Deserialization Vulnerabilities - The Forgotten Bug Class
Java Deserialization Vulnerabilities - The Forgotten Bug ClassJava Deserialization Vulnerabilities - The Forgotten Bug Class
Java Deserialization Vulnerabilities - The Forgotten Bug Class
 
Exploiting Deserialization Vulnerabilities in Java
Exploiting Deserialization Vulnerabilities in JavaExploiting Deserialization Vulnerabilities in Java
Exploiting Deserialization Vulnerabilities in Java
 
No Onions, No Tiers - An Introduction to Vertical Slice Architecture by Bill ...
No Onions, No Tiers - An Introduction to Vertical Slice Architecture by Bill ...No Onions, No Tiers - An Introduction to Vertical Slice Architecture by Bill ...
No Onions, No Tiers - An Introduction to Vertical Slice Architecture by Bill ...
 
SQL injection prevention techniques
SQL injection prevention techniquesSQL injection prevention techniques
SQL injection prevention techniques
 
Sql Injection attacks and prevention
Sql Injection attacks and preventionSql Injection attacks and prevention
Sql Injection attacks and prevention
 
Not so blind SQL Injection
Not so blind SQL InjectionNot so blind SQL Injection
Not so blind SQL Injection
 
Methods to Bypass a Web Application Firewall Eng
Methods to Bypass a Web Application Firewall EngMethods to Bypass a Web Application Firewall Eng
Methods to Bypass a Web Application Firewall Eng
 
Implicit object.pptx
Implicit object.pptxImplicit object.pptx
Implicit object.pptx
 
Sql Injection - Vulnerability and Security
Sql Injection - Vulnerability and SecuritySql Injection - Vulnerability and Security
Sql Injection - Vulnerability and Security
 
Thick Application Penetration Testing: Crash Course
Thick Application Penetration Testing: Crash CourseThick Application Penetration Testing: Crash Course
Thick Application Penetration Testing: Crash Course
 
Understanding Cross-site Request Forgery
Understanding Cross-site Request ForgeryUnderstanding Cross-site Request Forgery
Understanding Cross-site Request Forgery
 
Cross Site Scripting - Web Defacement Techniques
Cross Site Scripting - Web Defacement TechniquesCross Site Scripting - Web Defacement Techniques
Cross Site Scripting - Web Defacement Techniques
 

Viewers also liked

Being functional in PHP (PHPDay Italy 2016)
Being functional in PHP (PHPDay Italy 2016)Being functional in PHP (PHPDay Italy 2016)
Being functional in PHP (PHPDay Italy 2016)
David de Boer
 
PHP, Under The Hood - DPC
PHP, Under The Hood - DPCPHP, Under The Hood - DPC
PHP, Under The Hood - DPC
Anthony Ferrara
 

Viewers also liked (14)

Php internal architecture
Php internal architecturePhp internal architecture
Php internal architecture
 
PHP 7 performances from PHP 5
PHP 7 performances from PHP 5PHP 7 performances from PHP 5
PHP 7 performances from PHP 5
 
PHP 7 new engine
PHP 7 new enginePHP 7 new engine
PHP 7 new engine
 
Php
PhpPhp
Php
 
Being functional in PHP (PHPDay Italy 2016)
Being functional in PHP (PHPDay Italy 2016)Being functional in PHP (PHPDay Italy 2016)
Being functional in PHP (PHPDay Italy 2016)
 
PHP, Under The Hood - DPC
PHP, Under The Hood - DPCPHP, Under The Hood - DPC
PHP, Under The Hood - DPC
 
Internet of Things With PHP
Internet of Things With PHPInternet of Things With PHP
Internet of Things With PHP
 
PHP Optimization
PHP OptimizationPHP Optimization
PHP Optimization
 
Laravel Beginners Tutorial 1
Laravel Beginners Tutorial 1Laravel Beginners Tutorial 1
Laravel Beginners Tutorial 1
 
Php 101: PDO
Php 101: PDOPhp 101: PDO
Php 101: PDO
 
How PHP Works ?
How PHP Works ?How PHP Works ?
How PHP Works ?
 
[Community Open Camp] 給 PHP 開發者的 VS Code 指南
[Community Open Camp] 給 PHP 開發者的 VS Code 指南[Community Open Camp] 給 PHP 開發者的 VS Code 指南
[Community Open Camp] 給 PHP 開發者的 VS Code 指南
 
LaravelConf Taiwan 2017 開幕
LaravelConf Taiwan 2017 開幕LaravelConf Taiwan 2017 開幕
LaravelConf Taiwan 2017 開幕
 
Route 路由控制
Route 路由控制Route 路由控制
Route 路由控制
 

More from markstory

Introduction to Twig
Introduction to TwigIntroduction to Twig
Introduction to Twig
markstory
 
Owasp top 10
Owasp top 10Owasp top 10
Owasp top 10
markstory
 
Intro to continuous integration
Intro to continuous integration Intro to continuous integration
Intro to continuous integration
markstory
 

More from markstory (20)

Dependency injection in CakePHP
Dependency injection in CakePHPDependency injection in CakePHP
Dependency injection in CakePHP
 
Safer, More Helpful CakePHP
Safer, More Helpful CakePHPSafer, More Helpful CakePHP
Safer, More Helpful CakePHP
 
CakePHP - The Road Ahead
CakePHP - The Road AheadCakePHP - The Road Ahead
CakePHP - The Road Ahead
 
Future of HTTP in CakePHP
Future of HTTP in CakePHPFuture of HTTP in CakePHP
Future of HTTP in CakePHP
 
CakePHP mistakes made 2015
CakePHP mistakes made 2015CakePHP mistakes made 2015
CakePHP mistakes made 2015
 
New in cakephp3
New in cakephp3New in cakephp3
New in cakephp3
 
CakePHP 3.0 and beyond
CakePHP 3.0 and beyondCakePHP 3.0 and beyond
CakePHP 3.0 and beyond
 
CakePHP mistakes made confoo 2015
CakePHP mistakes made confoo 2015CakePHP mistakes made confoo 2015
CakePHP mistakes made confoo 2015
 
CakePHP mistakes made
CakePHP mistakes madeCakePHP mistakes made
CakePHP mistakes made
 
Performance and optimization CakeFest 2014
Performance and optimization CakeFest 2014Performance and optimization CakeFest 2014
Performance and optimization CakeFest 2014
 
Road to CakePHP 3.0
Road to CakePHP 3.0Road to CakePHP 3.0
Road to CakePHP 3.0
 
Performance and optimization
Performance and optimizationPerformance and optimization
Performance and optimization
 
OWASP Top 10 2013
OWASP Top 10 2013OWASP Top 10 2013
OWASP Top 10 2013
 
CakePHP the yum & yuck
CakePHP the yum & yuckCakePHP the yum & yuck
CakePHP the yum & yuck
 
Introduction to Twig
Introduction to TwigIntroduction to Twig
Introduction to Twig
 
Owasp top 10
Owasp top 10Owasp top 10
Owasp top 10
 
Simple search with elastic search
Simple search with elastic searchSimple search with elastic search
Simple search with elastic search
 
Making the most of 2.2
Making the most of 2.2Making the most of 2.2
Making the most of 2.2
 
Intro to continuous integration
Intro to continuous integration Intro to continuous integration
Intro to continuous integration
 
Evented applications with RabbitMQ and CakePHP
Evented applications with RabbitMQ and CakePHPEvented applications with RabbitMQ and CakePHP
Evented applications with RabbitMQ and CakePHP
 

PHP WTF