fast4god, posted June 5, 2007

I am kind of new to php but recently put together a script using the backtick operator for certain kinds of data delimiters, only to discover it has special meaning in php. Can someone explain exactly what it does, what cautions I should observe in using it in data formatting (I'm thinking security), and whether or not I should just scrap the whole idea and use something different?

Thanks in advance
Dan

trq, posted June 5, 2007

It is a shortcut to the shell. E.g.:

echo `ls -l`;

Is the same as typing...

ls -l

in Bash. More details here. I'd be very careful with what you are doing. Can we see an example of some code?

fast4god (Author), posted June 6, 2007

Well, it's a bit complex. And I use it in several places. For example I create indexes that look like:

SomePage: field1=data`field2=moredata
AnotherPage: field1=data`field2=moredata
...

Also the engine converts [if equal a b]some text [if] to `true equal a b`some text`true` and then immediately converts that to 'some text' or '' depending on the condition--so the backtick doesn't appear in the final output. But it is parsed by the script. And finally I set up hidden data values on wiki pages (for database like functions) that look like

Main page text... `data` field=data ` field2=more data `

These are all just raw text files parsed by the script engine and it never shows up in the final html output, but these text strings do get manipulated by the php scripts that produce the output... I could switch to some other syntax as I've only JUST released this as pre-beta software, but wanted to understand how it all works, if possible.

Cheers,
Dan

fast4god (Author), posted June 7, 2007

*bump*

trq, posted June 7, 2007

Why are you bumping? What exactly do you need to know?

fast4god (Author), posted June 7, 2007

Sorry the question was unclear. Am just trying to understand what the risks could be of using the backtick as a delimiter. Specifically, if php is parsing a string that contains it, could something malicious be executed? Actually I've gone through and changed all the code, so it's not so critical now. But I am really trying to understand security and was hoping for a clearer explanation of how this works. I mean is this something that could cause problems in a simple forms input field? Or does it only work in certain restricted situations? I noticed htmlspecialchars() does not seem to escape this character. But then again, of course it's not a html special char, it's a php special char!

Cheers,
Dan

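The following is an added example, not part of any post in this thread: it parses the backtick-delimited index format quoted above and contrasts a backtick inside string data (an ordinary character) with the backtick operator written in PHP source (equivalent to shell_exec()). The function name parse_record and all sample values are assumptions; PHP 7.1+ and a POSIX shell are assumed.

```php
<?php
// Added example; the record format follows the index lines quoted in the
// thread, and every sample value below is constructed.

// Parse "field1=data`field2=moredata". Inside a string the backtick is an
// ordinary byte, so explode() splits on it and nothing reaches a shell.
function parse_record(string $line): array
{
    $fields = [];
    foreach (explode('`', $line) as $pair) {
        if (strpos($pair, '=') === false) {
            continue; // empty or malformed segment
        }
        [$key, $value] = explode('=', $pair, 2);
        $fields[trim($key)] = $value;
    }
    return $fields;
}

// A value that itself contains backticks is never executed, but it
// collides with the delimiter, so the "note" field is cut short on parsing.
$line   = 'title=Home`note=see `ls -l` output';
$record = parse_record($line);
var_dump($record);

// htmlspecialchars() leaves the character untouched: it has no meaning in HTML.
var_dump(htmlspecialchars('`ls -l`') === '`ls -l`');

// The operator exists only in PHP source code, where `cmd` behaves like
// shell_exec('cmd'). Variables are interpolated into it, so any data that
// must reach a shell is quoted with escapeshellarg() first.
$arg = escapeshellarg($record['note']);
echo `printf %s $arg`;

// Text read from files or forms becomes dangerous only if the script feeds
// it to eval()/include, or builds a shell command from it without quoting.
```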