PHP Binary Security Detailed

Source: Internet
Author: User
Tags strcmp
This article mainly share with you the PHP binary security details, I hope to help everyone.

1. PHP binary Securitybinary-safe

The internal functions of PHP can ensure that the expected results are achieved when manipulating binary data, such as,, and so on, str_replace stristr strcmp We say that these functions are binary safe.

The following is a comparison between the C language and PHP to see their processing of binary data

#include "stdio.h" #include "string.h" int main () {char a[] = "aa\0b"; char b[] = "aa\0c";p rintf ("%d\n", strcmp (A, b));p rintf ("%ld\n", strlen (A));} /* 0 2 */

It can be seen that the C language is the end of the "\0" string, so think "aa\0b' and "aa\0c" is the same, the length of 2 discarded "\0b" and "\0c" .

<?php/** * Created by Phpstorm. * User:leon * DATE:17/11/6 * Time: Morning 10:24 * *    $a = "aa\0b";    $b = "aa\0c";    $c = "\0\0";    $d = ' a ';    $e = ' a ';    Var_dump (strcmp ($a, $b));    Var_dump (strcmp ($c, $d));    Var_dump (strlen ($a));    Var_dump (strlen ($c)); # res:int ( -1) int (0) int (4) int (2)

PHP "aa\0b" is different and has a "aa\0c" length of 4

2. The principle of binary security implemented in PHP

The string in PHP is zend_string represented by:

The variables in PHP zend_value represent:

    • GC: Variable reference information, such as the reference number of the current value, all variable types used in reference counting have this structure, section 3.1 will be analyzed in detail

    • H: Hash value, which is used when evaluating an index in an array

    • Len: String length, this value guarantees binary security

    • Val: string content, variable length struct, allocating memory at Len length


    • Len: string length, which guarantees binary security, does not require the end of a string to be judged like C with the

3.SDS

C: As a Terminator ’\0’ , the C string cannot contain binary data such as text, pictures, audio, video, compressed files, and so on.
PHP: Record len
Sds:simple Dynamic string abstract type for simple dynamic strings, applied to a character representation:

SDS Data structure:

struct SDSHDR {    # records the number of bytes used in the BUF array    # equals the length of the string saved by SDS    int len;    # record the number of bytes not used in the BUF array    int free;    # byte array, used to hold string    char buf[];};

The length of the string saved by SDS is also documented in the structure definition of redis, which guarantees binary security, and the SDS API uses the Len attribute of the string to determine whether the string ends

1. PHP binary Securitybinary-safe

The internal functions of PHP can ensure that the expected results are achieved when manipulating binary data, such as,, and so on, str_replace stristr strcmp We say that these functions are binary safe.

The following is a comparison between the C language and PHP to see their processing of binary data

#include "stdio.h" #include "string.h" int main () {char a[] = "aa\0b"; char b[] = "aa\0c";p rintf ("%d\n", strcmp (A, b));p rintf ("%ld\n", strlen (A));} /* 0 2 */

It can be seen that the C language is the end of the "\0" string, so think "aa\0b' and "aa\0c" is the same, the length of 2 discarded "\0b" and "\0c" .

<?php/** * Created by Phpstorm. * User:leon * DATE:17/11/6 * Time: Morning 10:24 * *    $a = "aa\0b";    $b = "aa\0c";    $c = "\0\0";    $d = ' a ';    $e = ' a ';    Var_dump (strcmp ($a, $b));    Var_dump (strcmp ($c, $d));    Var_dump (strlen ($a));    Var_dump (strlen ($c)); # res:int ( -1) int (0) int (4) int (2)

PHP "aa\0b" is different and has a "aa\0c" length of 4

2. The principle of binary security implemented in PHP

The string in PHP is zend_string represented by:

The variables in PHP zend_value represent:

    • GC: Variable reference information, such as the reference number of the current value, all variable types used in reference counting have this structure, section 3.1 will be analyzed in detail

    • H: Hash value, which is used when evaluating an index in an array

    • Len: String length, this value guarantees binary security

    • Val: string content, variable length struct, allocating memory at Len length


    • Len: string length, which guarantees binary security, does not require the end of a string to be judged like C with the

3.SDS

C: As a Terminator ’\0’ , the C string cannot contain binary data such as text, pictures, audio, video, compressed files, and so on.
PHP: Record len
Sds:simple Dynamic string abstract type for simple dynamic strings, applied to a character representation:

SDS Data structure:

struct SDSHDR {    # records the number of bytes used in the BUF array    # equals the length of the string saved by SDS    int len;    # record the number of bytes not used in the BUF array    int free;    # byte array, used to hold string    char buf[];};

The length of the string saved by SDS is also documented in the structure definition of redis, which guarantees binary security, and the SDS API uses the Len attribute of the string to determine whether the string ends.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.