Some technical details of PHP development that are easy to forget
During development it is easy to forget some technical details, and those details can have serious consequences, such as a website being open to injection or crashing. This article summarizes some of the "traps" in PHP that you might encounter.
Trap One: empty()
<?php
// The following code directly causes a PHP parse error
$arr1 = [1, 2, 3];
$arr2 = [3, 4];
if (empty(array_diff($arr1, $arr2))) { // Parse error
    echo 'empty';
} else {
    echo 'not empty';
}
The latest official manual has a special note about this:
Note:
Before PHP 5.5, empty() only supported variables; anything else would result in a parse error.
In other words, the following code will not work: empty(trim($name)). Instead, use trim($name) == false.
I recently encountered this error while developing with Phalcon: the server kept reporting 503 errors. At first I was baffled; after eliminating possibilities line by line, I found it was caused only by the incorrect use of empty(). Of course, since PHP 5.5, empty() has supported this notation.
Trap Two: in_array()
<?php
// Determine whether the user-submitted user ID exists
// $post_dirty_id = '1092';
$post_dirty_id = '1092 ORDER BY #1';
$safe_arr = [
    987 => 'Xiao Ming',
    1092 => 'Tom',
    1256 => 'ole L',
];
if (in_array($post_dirty_id, array_keys($safe_arr))) {
    echo 'find me';
} else {
    echo 'do not find me';
}
// Output: find me, this result is obviously wrong
I found this problem because the site was hit by SQL injection; fortunately, it was discovered during testing and did not cause serious consequences.
There are other things to watch for when using in_array(). The PHP manual carries a number of user-contributed examples that illustrate the "weird" behavior of the function, such as:
<?php
$a = ['a', 32, true, 'x' => 'y'];
var_dump(in_array(25, $a));    // true, one would expect false
var_dump(in_array('ggg', $a)); // true, one would expect false
var_dump(in_array(0, $a));     // true
var_dump(in_array(null, $a));  // false
For security reasons, the following check is recommended instead:
<?php
// Determine whether the user-submitted ID exists in the array
// $post_dirty_id = '1092';
$post_dirty_id = '1092 ORDER BY #1';
$safe_arr = [
    987 => 'Xiao Ming',
    1092 => 'Tom',
    1256 => 'ole L',
];
if (isset($safe_arr[$post_dirty_id])) {
    echo 'find me';
} else {
    echo 'do not find me';
}
// Output: do not find me, this is the correct result
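The checks discussed above, run side by side over several inputs and compared with a stricter allow-list check; this is an added example, not code from the original article. The helper validated_user_id() and the input list are hypothetical, and the data is constructed to mirror the article's $safe_arr.

```php
<?php
declare(strict_types=1);

// Constructed sample data mirroring the article's $safe_arr.
$safe_arr = [987 => 'Xiao Ming', 1092 => 'Tom', 1256 => 'ole L'];

/**
 * Hypothetical helper (not from the article): return the submitted ID as an
 * integer if it is a key of $allowed, otherwise null.
 */
function validated_user_id(array $allowed, $raw): ?int
{
    // Accept only one to nine decimal digits with no leading zero. \A and \z
    // anchor the whole string, so a trailing newline is rejected as well.
    if (!is_string($raw) || preg_match('/\A[1-9][0-9]{0,8}\z/', $raw) !== 1) {
        return null;
    }
    $id = (int) $raw;
    return array_key_exists($id, $allowed) ? $id : null;
}

// Constructed inputs: one clean ID, the article's payload, and near misses.
$inputs = ['1092', '1092 ORDER BY #1', ' 1092', "1092\n", '1092.0', '01092', '9999'];
$keys = array_keys($safe_arr);

foreach ($inputs as $raw) {
    printf(
        "%-22s loose=%-5s strict=%-5s isset=%-5s validated=%s\n",
        json_encode($raw),
        var_export(in_array($raw, $keys), true),        // loose ==, type juggling
        var_export(in_array($raw, $keys, true), true),  // strict ===, string vs int keys
        var_export(isset($safe_arr[$raw]), true),       // the article's recommended check
        var_export(validated_user_id($safe_arr, $raw), true)
    );
}
```

PHP 8.0 changed string-to-number comparison, so the loose column for the article's payload depends on the PHP version, while numeric strings such as '1092.0' still match loosely on every version. Pass the integer returned by the helper onward rather than the raw string, so nothing but the validated ID reaches a later query.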