Home >Backend Development >PHP Tutorial >String comparison using == operator in PHP_PHP Tutorial

String comparison using == operator in PHP_PHP Tutorial

WBOY
WBOYOriginal
2016-07-21 15:59:56866browse

A new article comparing strings in PHP with the == operator recently published on Greg Beaver's blog mentioned issues worth noting when comparing strings with PHP's == operator.

In some cases, PHP will convert numerical data (such as strings containing numbers, etc.) into numerical processing, and the == operator is one of them. When using the == operator to loosely compare two strings, PHP will convert -like numerical strings into numerical values ​​for comparison. The following experiment confirms this conclusion:
<span style="COLOR: rgb(0,0,0)"><span style="COLOR: rgb(0,0,187)"><code><span style="COLOR: rgb(0,0,0)"><span style="COLOR: rgb(0,0,187)"><br><span style="FONT-FAMILY: Verdana"><?php</SPAN><BR style="FONT-FAMILY: Verdana"><SPAN style="FONT-FAMILY: Verdana">var_dump</SPAN></SPAN><SPAN style="COLOR: rgb(0,119,0); FONT-FAMILY: Verdana">(</SPAN><SPAN style="COLOR: rgb(221,0,0); FONT-FAMILY: Verdana">'01' </SPAN><SPAN style="COLOR: rgb(0,119,0); FONT-FAMILY: Verdana">== </SPAN><SPAN style="COLOR: rgb(0,0,187); FONT-FAMILY: Verdana">1</SPAN><SPAN style="COLOR: rgb(0,119,0); FONT-FAMILY: Verdana">);<BR></SPAN><SPAN style="COLOR: rgb(0,0,187); FONT-FAMILY: Verdana"></SPAN><SPAN style="COLOR: rgb(0,119,0); FONT-FAMILY: Verdana"><SPAN style="COLOR: rgb(0,0,187)"><SPAN style="FONT-FAMILY: Verdana">?></span><br><br></span></span> var_dump('01' == 1);
?>


The output result of the above code is:
bool(true) Therefore, when using When comparing strings, it is recommended to use the === operator to strictly check the strings, or use functions such as strcmp() to avoid possible problems. The "PHP Type Comparison Table" in the PHP manual also explains this in detail.

<span style="COLOR: rgb(0,0,0)"><span style="COLOR: rgb(0,0,187); FONT-FAMILY: Verdana"><?php<BR>var_dump</SPAN><SPAN style="COLOR: rgb(0,119,0); FONT-FAMILY: Verdana">(</SPAN><SPAN style="COLOR: rgb(0,0,187); FONT-FAMILY: Verdana">in_array</SPAN><SPAN style="COLOR: rgb(0,119,0); FONT-FAMILY: Verdana">(</SPAN><SPAN style="COLOR: rgb(221,0,0); FONT-FAMILY: Verdana">'01'</SPAN><SPAN style="COLOR: rgb(0,119,0); FONT-FAMILY: Verdana">, array(</SPAN><SPAN style="COLOR: rgb(221,0,0); FONT-FAMILY: Verdana">'1'</SPAN><SPAN style="COLOR: rgb(0,119,0); FONT-FAMILY: Verdana">)));<BR></SPAN><SPAN style="COLOR: rgb(0,0,187)"><SPAN style="FONT-FAMILY: Verdana">?></span><br></span> In addition, the commonly used in_array() function also has weak type problems, see the following code:

<span style="COLOR: rgb(0,0,0)"><span style="COLOR: rgb(0,0,187); FONT-FAMILY: Verdana"><?php<br>var_dump</SPAN><SPAN style= "COLOR: rgb(0,119,0); FONT-FAMILY: Verdana">(</SPAN><SPAN style="COLOR: rgb(0,0,187); FONT-FAMILY: Verdana">in_array</SPAN><SPAN style="COLOR: rgb(0,119,0); FONT-FAMILY: Verdana">(</SPAN><SPAN style="COLOR: rgb(221,0,0); FONT-FAMILY: Verdana">'01' </SPAN><SPAN style="COLOR: rgb(0,119,0); FONT-FAMILY: Verdana">, array(</SPAN><SPAN style="COLOR: rgb(221,0,0); FONT- FAMILY: Verdana">'1'</SPAN><SPAN style="COLOR: rgb(0,119,0); FONT-FAMILY: Verdana">)));<br></SPAN><SPAN style="COLOR : rgb(0,0,187)"><SPAN style="FONT-FAMILY: Verdana">?></span></span>
Above The code output result is: bool(true)

I believe that PHP programmers who have used this function for security checks know what kind of security problems this will cause, right? Fortunately, the
<span style="COLOR: rgb(0,0,0)"><span style="COLOR: rgb(0,0,187); FONT-FAMILY: Verdana"><?php <BR>var_dump</SPAN><SPAN style="COLOR: rgb(0,119,0); FONT-FAMILY: Verdana">(</SPAN><SPAN style="COLOR: rgb(0,0,187); FONT-FAMILY: Verdana">in_array</SPAN><SPAN style="COLOR: rgb(0,119,0); FONT-FAMILY: Verdana">(</SPAN><SPAN style="COLOR: rgb(221,0,0); FONT-FAMILY: Verdana">'01'</SPAN><SPAN style="COLOR: rgb(0,119,0); FONT-FAMILY: Verdana">, array(</SPAN><SPAN style="COLOR: rgb(221,0,0); FONT-FAMILY: Verdana">'1'</SPAN><SPAN style="COLOR: rgb(0,119,0); FONT-FAMILY: Verdana">), </SPAN><SPAN style="COLOR: rgb(0,0,187); FONT-FAMILY: Verdana">true</SPAN><SPAN style="COLOR: rgb(0,119,0); FONT-FAMILY: Verdana">)); <BR></SPAN><SPAN style="COLOR: rgb(0,0,187)"><SPAN style="FONT-FAMILY: Verdana">?></span><br><br></span>in_array() function provides us with a third parameter. Setting it to true can turn on the mandatory type checking mechanism of the
in_array() function, as shown in the following code:

<span style="COLOR: rgb(0,0,0)"><span style="COLOR: rgb(0,0,187); FONT-FAMILY: Verdana">&lt ;?php <font face="Verdana" size="2">var_dump</font></span><span style="COLOR: rgb(0,119,0); FONT-FAMILY: Verdana">(</span><span style="COLOR: rgb(0,0,187) ; FONT-FAMILY: Verdana">in_array</span><span style="COLOR: rgb(0,119,0); FONT-FAMILY: Verdana">(</span><span style="COLOR: rgb(221, 0,0); FONT-FAMILY: Verdana">'01'</span><span style="COLOR: rgb(0,119,0); FONT-FAMILY: Verdana">, array(</span><span style="COLOR: rgb(221,0,0); FONT-FAMILY: Verdana">'1'</span><span style="COLOR: rgb(0,119,0); FONT-FAMILY: Verdana">), </span><span style="COLOR: rgb(0,0,187); FONT-FAMILY: Verdana">true</span><span style="COLOR: rgb(0,119,0); FONT-FAMILY: Verdana">)); </span><span style="COLOR: rgb(0,0,187)"><span style="FONT-FAMILY: Verdana">?></span></span></span>

The output result is: Since PHP is a weakly typed language, That is to say, the concept of data type is weakened in PHP. Therefore, if you ignore data types too much when programming (which is also a common problem among most PHP programmers), some problems will occur and even security vulnerabilities will occur. Finally, as the annoying saying goes, strictly check and filter external data. http://www.bkjia.com/PHPjc/317213.htmlwww.bkjia.com
truehttp: //www.bkjia.com/PHPjc/317213.htmlTechArticle mentioned in a new article recently published on Greg Beaver's blog comparing strings in PHP with the == operator As for the issues worth noting when comparing strings with PHP's == operator...
Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn