Carview!

Exporters From Japan

HOME
ABOUT
- RESULTS
- differences
- BENEFITS
- HISTORY
- TEAM
- LOCATION
- FACILITIES
- BANKING
- MEMBERSHIPS
- APPROVALS
- LICENCES
- SUPPLIERS
- SPONSORSHIPS
- MEDIA
- PRIVACY
AUCTIONS
SHIPPING
FEES
- TS REWARDS
TOOLS
guides
FAQ
CONTACT
- CONNECT

VEHICLES
BRAND
- JAPANESE CARS
  - DAIHATSU
  - EUNOS
  - FORD
  - HONDA
  - ISUZU
  - LEXUS
  - MAZDA
  - MITSUBISHI
  - MITSUOKA
  - NISSAN
  - SUBARU
  - SUZUKI
  - TOYOTA
- GERMAN CARS
- AMERICAN CARS
- BRITISH CARS
- ITALIAN CARS
- FRENCH CARS
- SWEDISH CARS
- KOREAN CARS
TYPE
- mobility
- VENDING
- instruction
- TAXIS
- AMBULANCES
- FIRE ENGINES
- HEARSES
- LIMOUSINES
- COMMERCIAL
CLASS
FUEL
TRUCKS
minitrucks
- DAIHATSU
- HONDA
- MAZDA
- MITSUBISHI
- NISSAN
- SUBARU
- SUZUKI
- DUMP
- CRANE
- CAMPER
- REFRIGERATED
- 4WD
- NEW
BUSES
MOTORHOMES
- YAHOO!
- RAKUTEN
- DEALER

PARTS
- FREE REPORT
- PARTS CONTAINERS
- PARTS SYSTEMS
- PARTS PROTECTION
- BODY SHELLS
- DISMANTLING
- ONLINE PARTS
- NEW PARTS
- INTERIOR PARTS
- EXTERIOR PARTS
  - BONNETS
  - BUMPERS
  - GRILLES
  - FENDERS
  - DOORS
  - TRUNKS
  - SPOILERS
  - LIGHTS
  - EMBLEMS
  - CAMERAS
- ENGINES
- TRANSMISSIONS
- WHEELS & TYRES
  - WHEELS
  - TYRES
CUTS
PERFORMANCE PARTS
TRUCK PARTS
MOTORBIKE PARTS
- MOTORBIKE ENGINES
- MOTORBIKE ACCESSORIES

MOTORBIKES
MARINE
FORKLIFTS
MACHINERY
AGRICULTURAL
OTHER
COUNTRY
- AUSTRALIA
- CANADA
- KENYA
- MYANMAR
- NEW ZEALAND
- PAKISTAN
- TANZANIA
- UNITED STATES

CARVIEW

MOTORHOMES

Select Language

HTTP/2 301 server: myracloud date: Fri, 26 Dec 2025 12:23:38 GMT content-type: text/html content-length: 161 location: https://www.php.net/manual/en/security.filesystem.nullbytes.php HTTP/2 200 server: myracloud date: Fri, 26 Dec 2025 12:23:39 GMT content-type: text/html; charset=utf-8 content-language: en permissions-policy: interest-cohort=() x-frame-options: SAMEORIGIN link: ; rel=shorturl last-modified: Fri, 26 Dec 2025 12:08:04 GMT vary: accept-encoding content-encoding: gzip expires: Fri, 26 Dec 2025 12:23:39 GMT cache-control: max-age=0 PHP: Null bytes related issues - Manual update page now

Downloads
Documentation
Get Involved
Help

Getting Started: Introduction; A simple tutorial
Language Reference: Basic syntax; Types; Variables; Constants; Expressions; Operators; Control Structures; Functions; Classes and Objects; Namespaces; Enumerations; Errors; Exceptions; Fibers; Generators; Attributes; References Explained; Predefined Variables; Predefined Exceptions; Predefined Interfaces and Classes; Predefined Attributes; Context options and parameters; Supported Protocols and Wrappers

Security: Introduction; General considerations; Installed as CGI binary; Installed as an Apache module; Session Security; Filesystem Security; Database Security; Error Reporting; User Submitted Data; Hiding PHP; Keeping Current
Features: HTTP authentication with PHP; Cookies; Sessions; Handling file uploads; Using remote files; Connection handling; Persistent Database Connections; Command line usage; Garbage Collection; DTrace Dynamic Tracing

Function Reference: Affecting PHP's Behaviour; Audio Formats Manipulation; Authentication Services; Command Line Specific Extensions; Compression and Archive Extensions; Cryptography Extensions; Database Extensions; Date and Time Related Extensions; File System Related Extensions; Human Language and Character Encoding Support; Image Processing and Generation; Mail Related Extensions; Mathematical Extensions; Non-Text MIME Output; Process Control Extensions; Other Basic Extensions; Other Services; Search Engine Extensions; Server Specific Extensions; Session Extensions; Text Processing; Variable and Type Related Extensions; Web Services; Windows Only Extensions; XML Manipulation; GUI Extensions

Keyboard Shortcuts
?: This help
j: Next menu item
k: Previous menu item
g p: Previous man page
g n: Next man page
G: Scroll to bottom
g g: Scroll to top
g h: Goto homepage
g s: Goto search
(current page)
/: Focus search box

Database Security »

« Filesystem Security

PHP Manual
Security
Filesystem Security

Change language:

Null bytes related issues

As PHP uses the underlying C functions for filesystem related operations, it may handle null bytes in a quite unexpected way. As null bytes denote the end of a string in C, strings containing them won't be considered entirely but rather only until a null byte occurs. The following example shows a vulnerable code that demonstrates this problem:

Example #1 Script vulnerable to null bytes

<?php

$file = $_GET['file']; // "../../etc/passwd\0"

if (file_exists('/home/wwwrun/' . $file . '.php')) {
    // File_exists will return true as the file /home/wwwrun/../../etc/passwd exists
    include '/home/wwwrun/' . $file . '.php';

    // The file /etc/passwd will be included
}

?>

Therefore, any tainted string that is used in a filesystem operation should always be validated properly. Here is a better version of the previous example:

Example #2 Correctly validating the input

<?php

$file = $_GET['file']; 

// Whitelisting possible values
switch ($file) {
    case 'main':
    case 'foo':
    case 'bar':
        include '/home/wwwrun/include/' . $file . '.php';
        break;
    default:
        include '/home/wwwrun/include/main.php';
}

?>

Found A Problem?

Learn How To Improve This Page • Submit a Pull Request • Report a Bug

User Contributed Notes 2 notes

up

down

10

Anonymous ¶

11 years ago

Looks like this issue was fixed in PHP 5.3 https://bugs.php.net/bug.php?id=39863

up

down

7

cornernote [at] gmail.com ¶

10 years ago

clean input of null bytes:
<?php
$clean = str_replace(chr(0), '', $input);
?>

Filesystem Security
- Null bytes related issues

Copyright © 2001-2025 The PHP Documentation Group
My PHP.net
Contact
Other PHP.net sites
Privacy policy

↑ and ↓ to navigate • Enter to select • Esc to close • / to open

Press Enter without selection to search using Google

HOME
ABOUT
AUCTIONS
SHIPPING
FEES
TOOLS
HOW
FAQ
CONTACT

Original Source | Taken Source