About binary Security in PHP

1. PHP Binary Security Binary-safe

PHP's internal functions are guaranteed to achieve the desired results when manipulating binary data, such as Str_replace, Stristr, strcmp, and so on, we say that these functions are binary safe.

The following is a comparison between the C language and PHP to see their processing of binary data

#include "stdio.h" #include "string.h" int main () {char a[] = "aa\0b"; char b[] = "aa\0c";p rintf ("%d\n", strcmp (A, b));p rintf ("%ld\n", strlen (A));} /* 0 2 */

It can be seen that the C language "" "is the end of the string, so that" aa\0b "and" aa\0c "is the same, the length of 2 abandoned" \0b "and" \0c ".

<?php/** * Created by Phpstorm. * User:leon * DATE:17/11/6 * Time: Morning 10:24 * *    $a = "aa\0b";    $b = "aa\0c";    $c = "\0\0";    $d = ' a ';    $e = ' a ';    Var_dump (strcmp ($a, $b));    Var_dump (strcmp ($c, $d));    Var_dump (strlen ($a));    Var_dump (strlen ($c)); # res:int ( -1) int (0) int (4) int (2)

PHP "aa\0b" and "aa\0c" are different, and the length is 4

2. The principle of binary security implemented in PHP

The string in PHP is represented by zend_string:

The variable zend_value in PHP means:

• GC: Variable reference information, such as the reference number of the current value, all variable types used in reference counting have this structure, section 3.1 will be analyzed in detail

• H: Hash value, which is used when evaluating an index in an array

• Len: String length, this value guarantees binary security

• Val: string content, variable length struct, allocating memory at Len length

• 
  Len: string length, which guarantees binary security, does not require the end of a string to be judged like C with the

3.SDS

C: With ' + ' as the Terminator, so C's string can not contain text, pictures, audio, video, compressed files such as binary data.
PHP: Record len
Sds:simple Dynamic string abstract type for simple dynamic strings, applied to a character representation:

SDS Data structure:

struct SDSHDR {    # records the number of bytes used in the BUF array    # equals the length of the string saved by SDS    int len;    # record the number of bytes not used in the BUF array    int free;    # byte array, used to hold string    char buf[];};

The length of the string saved by SDS is also documented in the structure definition of redis, which guarantees binary security, and the SDS API uses the Len attribute of the string to determine whether the string ends.