PHP Weak type security Issue note

One, type conversion problem

 intval(); Var_dump(intval(' 1ASDFASD '));//1    Var_dump(intval(' Awqw12 '));//0    Var_dump(intval(Array()));//0    Var_dump(intval(Array(' foo ', ' Val '));//1    Var_dump(intval(0x1A));//266 binary Conversions    Var_dump(intval(' Asdfqwer '));//0   

Intval If the conversion value is a string, the error is returned instead of 0, and if there are two cases when converting the value to an array, 0 is returned when the value of the conversion is empty, or 1 is returned.

Note: PHP uses 32 bits of memory to hold an integer, 32 bits can represent 4,294,967,296 digits, and a signed word is 2147483647 to 2147483648;

Two, built-in function loose problem

switch ();      $i = ' 3ADCD ';     Switch ($i) {case              1:                     echo ' I was 1 ';                     break;              Case 2:                     echo ' I was 2 ';                     break;              Case 3:                     echo ' I was 3 ';                     break;              Default:                    echo ' i is default ';                    break;     }

The above results will go into switch case 3, why this, if the switch is a numeric type of case judgment, switch will convert the parameters into the int class, so the above execution, the first will be the $i type conversion, the conversion result is 3, so ...

  In_array ();     $arr = [0,1,2,3, ' Test '];     Var_dump (in_array(' Abd ',$arr));    // true    Var_dump (in_array(' 1BC ',$arr));    // true

Why the above implementation results will be this, the following through the query manual, the official said that In_array default is to go loose comparison, only the ratio is equal, and do not compare the value of the same type, so the above results, but you can set the In_array function of the third parameter, Setting to True is a rigorous comparison method.

All of these are the places we need to be aware of in our usual development.

PHP Weak type security Issue note