
Detailed explanation of the use of $_GET['goods_id']+0

WBOY
2016-07-21 15:08:21

Purpose: To prevent SQL injection. tid and goods_id are both positive integers, so this stops people from appending something like ?tid=1 or 1 to the URL.
Principle: No matter how sinister your parameters are, they all become a numeric type after +0.

For example, with '?tid=1 or 1', the value of $_GET['tid']+0 becomes 1.

Some students asked why I don't use an (int) cast or intval() for the conversion.
1: Whichever way you use, the purpose is the same.
2: With +0, only 2 characters need to be typed; (int) takes 5 characters and intval() takes 8.
3: With +0, I don't need to care whether $tid is an integer, a floating-point number, or a long integer greater than 2^32 (such as a bigint obtained from MySQL); +0 adapts to all of them.
But if you use a forced conversion, overflow will occur. Of course, you can say that you would use float to convert, but there is no difference in scoring.
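
As an added example (not part of the original article), the script below compares what +0 yields with a strict positive-integer check for several constructed values of tid. positive_int_param and plus_zero are hypothetical helper names; note that +0 can return a float or a negative number, and on PHP 8 it throws a TypeError for arrays and wholly non-numeric strings.

```php
<?php
/**
 * Return the query parameter as a positive integer, or null if it is
 * missing or is anything other than a plain decimal integer >= 1.
 * (positive_int_param is a hypothetical helper name, not from the article.)
 */
function positive_int_param(array $query, string $key): ?int
{
    if (!isset($query[$key]) || !is_string($query[$key])) {
        return null; // missing, or an array such as ?tid[]=1
    }
    $id = filter_var(
        $query[$key],
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    return $id === false ? null : $id;
}

/** What the article's "+0" idiom yields for the same raw value. */
function plus_zero($raw): string
{
    try {
        // @ hides the warning/notice PHP raises for strings like "1 or 1".
        return var_export(@($raw + 0), true);
    } catch (\Throwable $e) {
        // Arrays (and, on PHP 8, strings with no leading number) end up here.
        return get_class($e);
    }
}

// Constructed sample inputs, as they could arrive in $_GET['tid'].
$samples = ['42', '1 or 1', '-5', '1.5', '1e3', 'abc', ['1'], '99999999999999999999'];

foreach ($samples as $raw) {
    $strict = positive_int_param(['tid' => $raw], 'tid');
    printf(
        "%-26s +0 => %-12s strict => %s\n",
        json_encode($raw),
        plus_zero($raw),
        var_export($strict, true)
    );
}
```

A null result should be treated as a rejected request, and the accepted integer should still reach the database as a bound parameter of a prepared statement rather than being concatenated into the SQL string.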
