The output result of the above code is:
bool(true) Therefore, when comparing strings, it is recommended to use the PHP operator == to compare strings Check strictly, or use functions such as strcmp() to avoid possible problems.
In addition, the commonly used in_array() function also has weak type problems, see the following code:
1 |
|
The output result of the above code is:
bool(true)
I believe that PHP programmers who have used this function for security checks know what kind of security problems this will cause, right? Fortunately, the in_array() function provides us with a third parameter. Setting it to true can turn on the mandatory type checking mechanism of the in_array() function, as shown in the following code:
1 |
|
The output result is:
bool(false)
Since PHP is a weakly typed language, that is to say, the concept of data type is weakened in PHP. Therefore, if you ignore data types too much when programming (which is also a common problem among most PHP programmers), some problems will occur and even security vulnerabilities will occur. At the end of the introduction of the PHP operator ==, there is still the annoying and annoying sentence, strict inspection and filtering of external data.