I am not sure what the issue is. I assume it is an encoding issue. What I would like is for
pack('V', 0x41) == "A"
to return true. This is not the case even though the encoding from mb_detect_encoding() returns ASCII for both and both print “A” to the screen when echoed. The real issue is that when the packed string is included in a sql query:
$sql = "SELECT item_name, item_description FROM items WHERE item_name LIKE '$querystr%'";
it fails to execute the query, even though when printed to the screen the strings are equivalent. This is for a CTF challenge I am creating, so yes, that code is meant to be vulnerable to injection.
Advertisement
Answer
The V argument in pack
takes 32-bit unsigned values(little-endian byte order) so your call looks like
pack('V', 0x00000041) === "A"
You can use trim to get rid of the excess nulls you can use another option, for instance c
pack('c', 0x41) === "A"