The Way of PHP Security: Array Comparison Defects

Author: 温新

Category: [PHP Basics]

Views: 2330

Posted: 2020-10-11 14:01:15

When in_array() or array_search() is called without the $strict parameter set to true, both functions use loose comparison (==) to decide whether $needle occurs in $haystack.

in_array — checks whether a value exists in an array

in_array( mixed $needle, array $haystack [, bool $strict = false] ) : bool

array_search — searches the array for a given value and, on success, returns the first matching key

array_search( mixed $needle, array $haystack [, bool $strict = false] ) : mixed

Demonstration of the problem

<?php

$arr   = [0, 1, 3, '5'];
$sear1 = 'www.ziruchu.com';
$sear2 = '1www.ziruchu.com';
var_dump(in_array($sear1, $arr));       // true
var_dump(array_search($sear1, $arr));   // key 0
var_dump(in_array($sear2, $arr));       // true
var_dump(array_search($sear2, $arr));   // key 1

These results are not what we expect: in_array() reports that $sear1 is present, and array_search() even returns key 0 for it. Under loose comparison on PHP 7.x (the version these results come from), a non-numeric string such as 'www.ziruchu.com' is converted to the integer 0 when compared with an int, so it matches the element 0; the leading-numeric string '1www.ziruchu.com' is converted to 1 and matches the element 1. If $arr were an allowlist of permitted IDs, an attacker-supplied string would pass the check. A result we did not intend is a bug.

Two caveats a practitioner should know. PHP 8.0 changed these two particular comparisons (a non-numeric or leading-numeric string compared with an int is now compared as a string, so both of the checks above return false), but numeric strings such as '1e0' or ' 1' still compare numerically equal to 1, so loose in_array() remains unsafe for untrusted input on every version. And array_search() returns the key, which can be 0 and is therefore falsy: always test its result with !== false, never with a bare if.

Solution: use strict comparison

<?php

$arr   = [0, 1, 3, '5'];
$sear1 = 'www.ziruchu.com';
$sear2 = '1www.ziruchu.com';
var_dump(in_array($sear1, $arr, true));       // false
var_dump(array_search($sear1, $arr, true));   // false
var_dump(in_array($sear2, $arr, true));       // false
var_dump(array_search($sear2, $arr, true));   // false
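As an added example that is not part of the original post, the script below applies the same comparison to an allowlist check of the kind found in real request handling: a query-string value (always a string) is tested against a list of permitted IDs. It runs on PHP 7 and PHP 8 and prints what each comparison mode returns on the running version, so the PHP 8 change described above can be observed directly. The allowlist, the request values and the helper names isAllowedLoose, isAllowedStrict and isAllowedNormalised are constructed for this illustration and are not taken from the post.

```php
<?php
declare(strict_types=1);

// Added example, not from the original post. The allowlist below is the
// post's own array; the request values are constructed to cover the
// loose-comparison edge cases (non-numeric, leading-numeric, numeric with
// exponent, leading/trailing whitespace).
$allowedIds = [0, 1, 3, '5'];

// What an attacker can send: every query-string parameter arrives as a string.
$requests = [
    'www.ziruchu.com',   // non-numeric: == 0 on PHP 7, not on PHP 8
    '1www.ziruchu.com',  // leading-numeric: == 1 on PHP 7, not on PHP 8
    '5',                 // genuinely allowed
    '3abc',              // leading-numeric: == 3 on PHP 7
    '0',                 // genuinely allowed, but strict rejects it (string vs int)
    '1e0',               // numeric string: == 1 on PHP 7 and PHP 8
    ' 1',                // leading whitespace: numeric on PHP 7 and PHP 8
    '1 ',                // trailing whitespace: numeric on PHP 8, leading-numeric on PHP 7
    'true',              // non-numeric: == 0 on PHP 7
];

// The vulnerable form: $strict omitted, so in_array() uses ==.
function isAllowedLoose(string $needle, array $haystack): bool
{
    return in_array($needle, $haystack);
}

// The post's fix: identity comparison. Correct, but a mixed-type allowlist
// now rejects a legitimate '0' because the element is the int 0.
function isAllowedStrict(string $needle, array $haystack): bool
{
    return in_array($needle, $haystack, true);
}

// The form to ship: validate the input shape, convert once, and compare
// strictly against an allowlist normalised to a single type.
function isAllowedNormalised(string $needle, array $haystack): bool
{
    // Accept only a canonical decimal integer: no sign, no exponent,
    // no whitespace, no leading zeros.
    if (preg_match('/\A(0|[1-9][0-9]*)\z/', $needle) !== 1) {
        return false;
    }
    $ids = array_map('intval', $haystack);   // [0, 1, 3, 5], all int
    return in_array((int) $needle, $ids, true);
}

printf("PHP %s\n", PHP_VERSION);
printf("%-20s %-6s %-7s %-10s\n", 'needle', 'loose', 'strict', 'normalised');
foreach ($requests as $needle) {
    printf(
        "%-20s %-6s %-7s %-10s\n",
        var_export($needle, true),
        var_export(isAllowedLoose($needle, $allowedIds), true),
        var_export(isAllowedStrict($needle, $allowedIds), true),
        var_export(isAllowedNormalised($needle, $allowedIds), true)
    );
}
```

Run it with `php loose_vs_strict.php`. On PHP 7.4 the loose column is true for all nine inputs; on PHP 8 it is still true for '5', '0', '1e0', ' 1' and '1 ', because numeric strings still compare numerically. The strict column is true only for '5', which shows the other side of the problem: the legitimate '0' no longer matches the integer 0, since strict comparison also compares type. The normalised variant avoids both failure modes by validating the shape of the input, casting it once, and comparing it strictly against an allowlist of one type. array_search() gets the same treatment, with its result tested via !== false.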

I am a beginner and look forward to walking this road together with excellent readers like you!

Xiaobai

October 11, 2020
