1. convert a variable to an integer.
Syntax: int intval (mixed var, int [base]);
Return value: integer
Function types: PHP system functions
Description: This function converts a variable to an integer. the base parameter that can be omitted is the basis of the conversion. the default value is 10, the converted variable var can be any type variable other than the array or class.
Security vulnerability analysis due to improper use of intval ()
The intval function has a feature: "Conversion starts only when a number or positive or negative sign is encountered, and the conversion ends when a non-number or string ends ", in some applications, due to insufficient understanding of the intval function, improper use may cause security vulnerabilities caused by bypassing some security judgments.
II. analysis code:
PHP_FUNCTION(intval) { zval **num, **arg_base; int base; switch (ZEND_NUM_ARGS()) { case 1: if (zend_get_parameters_ex(1, &num) == FAILURE) { WRONG_PARAM_COUNT; } base = 10; break; case 2: if (zend_get_parameters_ex(2, &num, &arg_base) == FAILURE) { WRONG_PARAM_COUNT; } convert_to_long_ex(arg_base); base = Z_LVAL_PP(arg_base); break; default: WRONG_PARAM_COUNT; } RETVAL_ZVAL(*num, 1, 0); convert_to_long_base(return_value, base); } Zend/zend_operators.c->>convert_to_long_base() ……case IS_STRING: strval = Z_STRVAL_P(op); Z_LVAL_P(op) = strtol(strval, NULL, base); STR_FREE(strval); break;
When the intval function receives a string parameter, it calls convert_to_long_base () for processing, and then calls Z_LVAL_P (op) = strtol (strval, NULL, base). The strtol function is used to process the parameter.
The function prototype is as follows: long int strtol (const char * nptr, char ** endptr, int base );
This function converts the nptr parameter to a growth integer number based on the base parameter. the base parameter ranges from 2 to 36, or 0. the base parameter indicates the base mode. for example, if the base value is 10, the base value is 10. if the base value is 16, the base value is hexadecimal.
The process is as follows: strtol () scans the nptr parameter string, skips the leading space character, and starts conversion only when a number or positive or negative sign is encountered, and then ends when a non-number or string ends () end the conversion and return the result.
When intval is used in the if and so on, it will cause the judgment to be de-meaningful, leading to security vulnerabilities.
III. test code:
Intval ($ o) = ". intval ($ o); if (intval ($ o) {print ("true") ;}else {print ("false") ;}}/* output result: intval (0.2) = 0 false intval (0.3) = 0 false intval (0.4) = 0 false intval (0.5) = 0 false intval (0.6) = 0 false intval (0.7) = 0 false intval (0.8) = 0 false intval (0.9) = 0 false intval (1) = 0 false intval (1.1) = 1 true intval (1.2) = 1 true intval (1.3) = 1 true intval (1.4) = 1 true intval (1.5) = 1 true intv Al (1.6) = 1 true intval (1.7) = 1 true intval (1.8) = 1 true intval (1.9) = 1 true intval (2) = 2 true ..... */Php intval differs from int in the following code: $ t = '000000'; echo gettype (int) ($ t); echo ''; echo gettype (intval ($ t); // output result: integer value: 165 $ t = 'a165'; echo gettype (int) ($ t )); echo ''; echo gettype (intval ($ t); // result integer value: 0, 0 $ string =" 2a "; $ string1 = intval ($ string ); echo '$ string1 value :'. $ string1. '$ string2 value:'; // The variable is not output in single quotes, and $ string2 = (int) ($ string) is output as is; echo $ string2
Permanent link:
Reprint at will! Include the article address.
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
