Errata
The following list pertains to errata in the first printing. In cases where errors exist in the code, they are corrected immediately in the code repository.
To report errors, please contact the author.
Page Errata
x
Error:
attracks
Correction:
attacks
xi
Error:
http://elists.oreilly.com
Correction:
http://elists.oreilly.com/
URLs must contain the path to the resource. Although
this goes against O'Reilly's style guide, technical
precision is more important than style.
3
Error:
/usr/local/apache/logs/error_log
Correction:
/path/to/error_log
Both references to the error log on this page should
emphasize the fact that this path is arbitrary.
6
Error:
search = $_GET['search'];
Correction:
$search = $_GET['search'];
10
Error:
while (strpos($_POST['filename'], '..')
Correction:
while (strpos($filename, '..')
Without inspecting $filename, this is an endless
loop.
12
Error:
printf
The entry for printf can be removed from the bulleted
list, because a search for print includes these cases.
25
Error:
<option name="pen">pen</option>
<option name="pencil">pencil</option>
Correction:
<option value="pen">pen</option>
<option value="pencil">pencil</option>
26
Error:
http://www.google.com
Correction:
http://www.google.com/
30
Error:
Red from the list and clicks Select
Correction:
Red from the list and clicks Select
The words "Red" and "Select" should be in a
fixed-width font.
36
Error:
discoveries have revealed both weaknesses
Correction:
discoveries have revealed weaknesses
This sentence has been reworded improperly, and the
word "both" is now misleading.
39
Error:
INTO user(last_name)
Correction:
INTO users(last_name)
This isn't an error, but it is inconsistent with the
naming conventions I use elsewhere in the book.
42
In Figure 4-2, the "No" path from "PHPSESSID in
query string?" is not labeled.
55
Error:
basename($_GET['filename'] ==
Correction:
basename($_GET['filename']) ==
55
Error:
/* $filename is within /path/to */.
Correction:
/* $filename is within /path/to. */
56
Error:
and the filename is treated as
Correction:
and the original filename is treated as
69
Error:
setcookie('auth', $cookie);
Correction:
setcookie('auth', $auth);
This is meant to be an example of what not to do, but not because of the typo.
82
Error:
"$path/$sess_name"
Correction:
"$path/sess_$sess_name"
83
Error:
ENT_QUOTES, 'UTF-8'));
Correction:
ENT_QUOTES, 'UTF-8');
This line of code (longest on this page) has an extra
closing parenthesis.
90
Error:
get_magic_quotes_gpc
Correction:
magic_quotes_gpc