Detailed explanation of PHP's == operator string comparison usage and its side effects examples

伊谢尔伦
Release: 2023-03-10 22:00:01
Original
1406 people have browsed it

In some cases, PHP will convert numerical data (such as string containing numbers, etc.) into numerical processing, == operator is one of them. When using the == operator to loosely compare two strings, PHP will convert the numerical string into a numerical value for comparison. The following experiment confirms this conclusion:

<?php
var_dump(&#39;01&#39; == 1);
?>
Copy after login

The output result of the above code is : bool(true)

Therefore, when comparing strings, it is recommended to use the === operator to strictly check the string, or use functions such as strcmp() , thereby avoiding possible problems.

In addition, the commonly used in_array() function also has weak type problems, see the following code:

<?php
var_dump(in_array(&#39;01&#39;, array(&#39;1&#39;)));
?>
Copy after login

The output result of the above code is: bool(true)
I believe that PHP programmers who have used this function to perform security checks know what kind of security problems this will cause, right? Fortunately, the in_array() function provides us with a third parameter. Setting it to true can turn on the mandatory type checking mechanism of the in_array() function, as shown in the following code:

<?php 
var_dump(in_array(&#39;01&#39;, array(&#39;1&#39;), true)); 
?>
Copy after login

The output result is : bool(false)
Since PHP is a weakly typed language, that is to say, the concept of data type is weakened in PHP. Therefore, if you ignore the data type too much when programming (which is also a common problem among most PHP programmers), some problems will occur and even lead to security vulnerabilities. Finally, as the annoying saying goes, strictly check and filter external data.

Side effects

$a = &#39;212345678912000005&#39;; 
$b = &#39;212345678912000001&#39;; 
var_dump($a == $b);
Copy after login

The output of this code is bool(true), indicating that this judgment will conclude that the two are equal. Similar characteristics are in The third parameter of the in_array() function is false or not set. The reason is to first determine whether the string is a number, then convert it to long or double (C language data type) and then determine - use zendi_smart_strcmp. However, the comments in the source code say that the statement considers overflow situations

} else if (dval1 == dval2 && !zend_finite(dval1)) { 
    /* Both values overflowed and have the same sign, 
     * so a numeric comparison would be inaccurate */ 
    goto string_cmp; 
}
Copy after login

dval1 and dval2 are the values ​​​​of two strings converted to double types respectively. But why is this still the case?
Solution, use Three equal signs "===" replace two equal signs "==", and the in_array() function sets the third parameter to true: in_array('val', $array, true).

The above is the detailed content of Detailed explanation of PHP's == operator string comparison usage and its side effects examples. For more information, please follow other related articles on the PHP Chinese website!

Related labels:
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template
About us Disclaimer Sitemap
php.cn:Public welfare online PHP training,Help PHP learners grow quickly!