Some technical details easily forgotten during php Development, php development details _ PHP Tutorial

Source: Internet
Author: User
Tags website injection
Some technical details that are easy to forget during php development, including php development details. Some technical details are easily forgotten during php Development. some technical details may be forgotten when php development details are being developed. These details may cause serious consequences, such as some technical details that may be easily forgotten during php development and php development details.

Some technical details may be forgotten during development. These details may cause serious consequences, such as website injection and website crash. Now Let's summarize some of the "traps" in PHP ".

Trap 1: empty ()

<? Php // the following code will directly cause PHP parsing errors $ arr1 = [1, 2, 3]; $ arr2 = [3, 4]; if (empty (array_diff ($ arr1, $ arr2) {// resolution error echo 'empty';} else {echo 'not empty ';}

The latest manual on the official website has special instructions on this:

Note:

Before PHP 5.5, empty () only supports variables; anything else will cause a parsing error.

In other words, the following code does not take effect: empty (trim ($ name )). As an alternative, trim ($ name) = false should be used.
The last time I encountered this error was when I used Phalcon for development, the server always reported the 503 error. at the beginning, I thought it was inexplicable. by troubleshooting it row by row, empty error occurs. Of course, empty has supported this method since PHP 5.5.

Trap 2: in_array ()

<? Php // Determine whether the user ID submitted BY the user exists in the array // $ post_dirty_id = '000000'; $ post_dirty_id = '2017 order by #1 '; $ safe_arr = [987 => 'xiaoming ', 1092 => 'Tom', 1256 => 'orelevation ']; if (in_array ($ post_dirty_id, array_keys ($ safe_arr ))) {echo 'find me';} else {echo 'do not find me';} // output result: find me. this result is obviously incorrect.

I found this problem because the website was injected with SQL statements. Fortunately, what I found during the test did not cause serious consequences.

For the use of in_array () functions, there are other points worth our attention. in the PHP manual, there are a large number of examples provided by netizens to illustrate the "weird" behavior of the function, such:

<?php $a = ['a', 32, true, 'x' => 'y']; var_dump(in_array(25, $a)); // true, one would expect false var_dump(in_array('ggg', $a)); // true, one would expect false var_dump(in_array(0, $a)); // true var_dump(in_array(null, $a)); // false

For the sake of security, we recommend that you use the following method for determination:

<? Php // Determine whether the ID submitted BY the user exists in the array // $ post_dirty_id = '000000'; $ post_dirty_id = '2017 order by #1 '; $ safe_arr = [987 => 'xiaoming ', 1092 => 'Tom', 1256 => 'orelevation ']; if (isset ($ safe_arr [$ post_dirty_id]) {echo 'find me';} else {echo 'do not find me';} // output result: do not find me, which is correct.

Articles you may be interested in:
  • Instructions for using php in_array functions and in_array functions
  • Differences between PHP isset () and empty ()
  • Php empty, isset, and is_null comparison (differences and similarities and differences)
  • Php array function sequence: in_array () to find whether the array value exists
  • Php empty () check whether a variable is empty
  • Php warning Creating default object from empty value solution
  • Php array lookup functions in_array (), array_search (), and array_key_exists () use instances
  • Usage of the output Empty tag in the ThinkPHP template judgment

The producer may forget some technical details during development. These details may cause serious consequences, such...

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.