An article recently published on Greg Beaver's blog, about comparing strings in PHP with the == operator, raises some issues worth noting.
In some cases PHP converts numeric-looking data (such as strings containing numbers) to numbers before processing it, and the == operator is one of those cases. When the == operator is used to loosely compare two strings, PHP converts numeric-like strings to numeric values and compares those. The following experiment confirms this:
<?php
var_dump('01' == 1);
?>
The output of the above code is:
bool(true)
Therefore, when comparing strings, it is recommended to use the === operator to check them strictly, or to use functions such as strcmp(), to avoid possible problems. The "PHP Type Comparison Table" in the PHP manual also explains this in detail.
In addition, the commonly used in_array() function has the same weak-typing problem; see the following code:
<?php
var_dump(in_array('01', array('1')));
?>
The output of the above code is:
bool(true)
I believe that PHP programmers who have used this function for security checks know what kind of security problems this will cause, right? Fortunately, the in_array() function provides a third parameter. Setting it to true turns on the function's strict type checking, as shown in the following code:
<?php
var_dump(in_array('01', array('1'), true));
?>
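The same comparison applied to an allowlist check, as an added example that is not code from the original article. The function names, the allowlist and the input values are hypothetical and constructed for illustration; it runs the loose in_array() call, the strict call and a strcmp() loop side by side over several spellings of the same number.

```php
<?php
// Added example: names and sample data below are hypothetical.

// Constructed allowlist of IDs, stored as strings.
$allowedIds = array('1', '7', '42');

// Loose membership test: in_array() defaults to == semantics, so two
// numeric-looking strings are compared as numbers.
function isAllowedLoose($id, array $allowed)
{
    return in_array($id, $allowed);
}

// Strict membership test: passing true as the third argument switches to
// === semantics, so type and exact string content must both match.
function isAllowedStrict($id, array $allowed)
{
    return in_array($id, $allowed, true);
}

// The same decision made with strcmp(), which compares the raw bytes.
function isAllowedStrcmp($id, array $allowed)
{
    if (!is_string($id)) {
        return false; // reject non-string input before comparing
    }
    foreach ($allowed as $candidate) {
        if (strcmp($id, $candidate) === 0) {
            return true;
        }
    }
    return false;
}

// Constructed inputs: different spellings of the number 1, plus one
// value that is not on the list at all.
$inputs = array('1', '01', '1.0', '1e0', '+1', ' 1', '8');

foreach ($inputs as $input) {
    printf(
        "%-6s loose=%-5s strict=%-5s strcmp=%s\n",
        var_export($input, true),
        var_export(isAllowedLoose($input, $allowedIds), true),
        var_export(isAllowedStrict($input, $allowedIds), true),
        var_export(isAllowedStrcmp($input, $allowedIds), true)
    );
}
```

Only the exact string '1' passes the strict and strcmp() checks, while the loose check also accepts every other numeric spelling of 1 in the list. That matters whenever the accepted value is later used as a string, for example as an array key or part of a file name.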