PHP intval function safe application tips_PHP tutorial-PHP Tutorial-php.cn

PHP intval function safe application tips_PHP tutorial

WBOY

Release： 2016-07-15 13:33:34

Original

926 people have browsed it

We learn

1. PHP intval function description

The intval function has a characteristic: "Until it encounters a number or The conversion starts only when the positive and negative signs are positive and negative, and the conversion ends when it encounters non-digits or the end of the string (). In some applications, due to insufficient understanding of the characteristics of the intval function, incorrect use leads to bypassing some safety judgments and leading to safety Vulnerability.

2. PHP intval function analysis

PHP_FUNCTION(intval)
{
zval **num, **arg_base;
int base;
switch (ZEND_NUM_ARGS()) {
case 1:
if (zend_get_parameters_ex(1, &num ) == FAILURE) {
WRONG_PARAM_COUNT;
}
base = 10;
break;

When the intval function receives a string parameter, it calls convert_to_long_base() for processing, and then calls Z_LVAL_P(op) = strtol(strval, NULL, base); to process the parameters through the strtol function .

The prototype of PHP intval function is as follows:

long int strtol(const char *nptr,char **endptr,int base);

This function will convert the parameter nptr string Convert to a long integer according to the parameter base. The parameter base ranges from 2 to 36, or 0. The parameter base represents the base method used. If the base value is 10, decimal is used. If the base value is 16, hexadecimal is used. System etc.

The process is:

strtol() will scan the parameter nptr string, skip the preceding space characters, and do not start conversion until it encounters numbers or positive and negative symbols, and then encounters non-digits or when the string ends () ends the conversion and returns the result.

Then when intval is used in judgments such as if, it will cause the judgment to be meaningless, thus leading to security vulnerabilities.

3. PHP intval function test code <= 2.0.6 wp-trackback.php Zend_Hash_Del_Key_Or_Index/sql injection exploit

//intval.php  
$var="20070601";  
if (intval($var))  
echo "it's safe";  
echo '$var='.$var;  
echo "  
";  
$var1="1 union select 1,1,1 from admin";  
if (intval($var1))  
echo "it's safe too";  
echo '$var1='.$var1;  
?> http://www.bkjia.com/PHPjc/446049.html
www.bkjia.comtrue
http: //www.bkjia.com/PHPjc/446049.html
TechArticle
 Let’s learn 1. PHP intval function description The intval function has a characteristic: it does not start until it encounters a number or a positive or negative sign Do the conversion, and end the conversion when it encounters a non-number or the end of a string (), in some cases...