php intval() decimal time security vulnerability analysis_PHP tutorial

This article first introduces the simple usage of php intval. It can convert characters, numbers, and decimals into gray numeric data. However, there will be some problems during the conversion. For example, a decimal of 1.1 will be converted into 1. Let’s see an example below.

Convert the variable to integer type.

Syntax: int intval(mixed var, int [base]);

Return value: integer

Function type: PHP system function

Content Description

This function can convert variables into integer types. The omitted parameter base is the base of the conversion, with a default value of 10. The converted variable var can be any type variable except an array or class.

Analysis of security vulnerabilities in improper use of intval()

The intval function has a characteristic: "The conversion will not start until a number or a positive or negative sign is encountered, and the conversion will end when it encounters a non-number or the end of the string ()." In some applications, due to insufficient understanding of this feature of the intval function , incorrect use leads to bypassing some security judgments and leading to security vulnerabilities.

2. Analysis

The code is as follows

Copy code

代码如下

复制代码

PHP_FUNCTION(intval) { zval **num, **arg_base; int base; switch (ZEND_NUM_ARGS()) { case 1: if (zend_get_parameters_ex(1, &num) == FAILURE) { WRONG_PARAM_COUNT; } base = 10; break; case 2: if (zend_get_parameters_ex(2, &num, &arg_base) == FAILURE) { WRONG_PARAM_COUNT; } convert_to_long_ex(arg_base); base = Z_LVAL_PP(arg_base); break; default: WRONG_PARAM_COUNT; } RETVAL_ZVAL(*num, 1, 0); convert_to_long_base(return_value, base); } Zend/zend_operators.c->>convert_to_long_base() …… case IS_STRING: strval = Z_STRVAL_P(op); Z_LVAL_P(op) = strtol(strval, NULL, base); STR_FREE(strval); break;

PHP_FUNCTION(intval)

{

zval **num, **arg_base;

int base;

switch (ZEND_NUM_ARGS()) {

case 1:

if (zend_get_parameters_ex(1, &num) == FAILURE) {

WRONG_PARAM_COUNT;

代码如下

复制代码

$o = 0.1; for($a = 1; $a $o += 0.1; echo “ intval($o) = “.intval($o); if(intval($o)){ print(“ true”); }else{ print(“ false”); } }?> 输出结果： intval(0.2) = 0 false intval(0.3) = 0 false intval(0.4) = 0 false intval(0.5) = 0 false intval(0.6) = 0 false intval(0.7) = 0 false intval(0.8) = 0 false intval(0.9) = 0 false intval(1) = 0 false intval(1.1) = 1 true intval(1.2) = 1 true intval(1.3) = 1 true intval(1.4) = 1 true intval(1.5) = 1 true intval(1.6) = 1 true intval(1.7) = 1 true intval(1.8) = 1 true intval(1.9) = 1 true intval(2) = 2 true …..

} base = 10; break; case 2: if (zend_get_parameters_ex(2, &num, &arg_base) == FAILURE) { WRONG_PARAM_COUNT; } convert_to_long_ex(arg_base); base = Z_LVAL_PP(arg_base); break; default: WRONG_PARAM_COUNT; } RETVAL_ZVAL(*num, 1, 0); convert_to_long_base(return_value, base); } Zend/zend_operators.c->>convert_to_long_base() …… case IS_STRING: strval = Z_STRVAL_P(op); Z_LVAL_P(op) = strtol(strval, NULL, base); STR_FREE(strval); break;

When the intval function receives a string parameter, it calls convert_to_long_base() for processing, and then calls Z_LVAL_P(op) = strtol(strval, NULL, base); to process the parameters through the strtol function. The function prototype is as follows: long int strtol(const char *nptr,char **endptr,int base); This function will convert the parameter nptr string into a long integer according to the parameter base. The parameter base ranges from 2 to 36, or 0. The parameter base represents the base method used. If the base value is 10, base 10 is used. System, if the base value is 16, hexadecimal system will be used, etc. The process is: strtol() will scan the parameter nptr string and skip the preceding space characters. It will not start conversion until it encounters numbers or positive and negative symbols. When it encounters non-numbers or the end of the string, () will end the conversion and will The result is returned. Then when intval is used in judgments such as if, it will cause the judgment to be meaningless, thus leading to security vulnerabilities. 3. Test code

The code is as follows

Copy code

$o = 0.1; for($a = 1; $a $o += 0.1; echo “ intval($o) = “.intval($o); if(intval($o)){ print(“ true”); }else{ print(“ false”); } }?> Output result: intval(0.2) = 0 false intval(0.3) = 0 false intval(0.4) = 0 false intval(0.5) = 0 false intval(0.6) = 0 false intval(0.7) = 0 false intval(0.8) = 0 false intval(0.9) = 0 false intval(1) = 0 false intval(1.1) = 1 true intval(1.2) = 1 true intval(1.3) = 1 true intval(1.4) = 1 true intval(1.5) = 1 true intval(1.6) = 1 true intval(1.7) = 1 true intval(1.8) = 1 true intval(1.9) = 1 true intval(2) = 2 true …..

The difference between php intval and int

The code is as follows

代码如下	复制代码
$t ='165'; echo gettype((int)($t)); echo ' '; echo gettype(intval($t)); //输出结果:integer integer value:165 $t ='a165'; echo gettype((int)($t)); echo ' '; echo gettype(intval($t)); //结果 integer integer value:0,0 $string="2a"; $string1=intval($string); echo '$string1的值：'.$string1.'$string2的值：';//单引号不会输出变量，将原样输出 $string2=(int)($string); echo $string2

Copy code

$t ='165';

echo gettype((int)($t));
echo '

---

';
echo gettype(intval($t));

//Output result:integer integer value:165
$t ='a165'; echo gettype((int)($t));
echo '

---

';
echo gettype(intval($t)); //result integer integer value:0,0 $string="2a";
$string1=intval($string);
echo 'The value of $string1:'.$string1.'The value of $string2:';//Single quotes will not output variables and will be output as is
$string2=(int)($string);
echo $string2

http://www.bkjia.com/PHPjc/629657.htmlwww.bkjia.comtruehttp: //www.bkjia.com/PHPjc/629657.htmlTechArticleThis article first introduces the simple usage of php intval, which can convert characters, numbers, and decimals into gray digital data , but there will be some problems during conversion, such as decimal 1.1 will be converted into 1, below...