The PHP Security Way: Pitfalls in Array Value Comparison
When calling in_array() or array_search() without setting the $strict parameter to true, both functions use loose comparison (==) to decide whether $needle is present in $haystack. Loose comparison applies PHP's type juggling, so values of different types can compare as equal.
in_array — checks whether a value exists in an array
in_array( mixed $needle, array $haystack[, bool $strict = FALSE] ) : bool
array_search — searches the array for a given value and returns the first matching key if found
array_search( mixed $needle, array $haystack[, bool $strict = false] ) : mixed
Demonstrating the problem
<?php

$arr = [0, 1, 3, '5'];
$sear1 = 'www.ziruchu.com';
$sear2 = '1www.ziruchu.com';
var_dump(in_array($sear1, $arr));      // true
var_dump(array_search($sear1, $arr));  // index: 0
var_dump(in_array($sear2, $arr));      // true
var_dump(array_search($sear2, $arr));  // index: 1
As the output shows, the results are not what we expect. Using in_array() to check whether $sear1 exists in the array actually returns true: under loose comparison the non-numeric string is converted to 0 and matches the element 0, and $sear2 is converted to 1 and matches the element 1. This is clearly not the result we want, and a result we do not want is a bug.
The solution: use strict checking
<?php

$arr = [0, 1, 3, '5'];
$sear1 = 'www.ziruchu.com';
$sear2 = '1www.ziruchu.com';
var_dump(in_array($sear1, $arr, true));      // false
var_dump(array_search($sear1, $arr, true));  // false
var_dump(in_array($sear2, $arr, true));      // false
var_dump(array_search($sear2, $arr, true));  // false
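The following is an added example, not code from the original post. It puts the two snippets above into the shape where this defect usually bites: an allow-list of integer IDs checked against request input, which in PHP always arrives as a string. It also covers two things a practitioner needs alongside the strict flag: the true results for the loose check are what PHP 7 produces (PHP 8 changed string-to-number comparison so that a non-numeric string no longer equals 0, but the loose check remains the wrong tool), and a bare strict check rejects legitimate input such as '1' because a string never strictly equals an integer, so the input must be validated and converted to the allow-list's type first. The constant and function names are this example's own.

```php
<?php
declare(strict_types=1);

// Constructed allow-list of permitted role IDs (example data, mixed int/string
// on purpose to mirror the $arr in the post).
const ALLOWED_ROLE_IDS = [0, 1, 3, '5'];

/**
 * Loose check, as in the "problem" snippet. Under PHP 7 any non-numeric string
 * compares equal to the element 0 and '1abc' compares equal to 1, so arbitrary
 * input is accepted as an allowed role.
 */
function isAllowedLoose(string $candidate): bool
{
    return in_array($candidate, ALLOWED_ROLE_IDS);
}

/**
 * Strict check without normalisation: nothing bogus gets through, but a request
 * value such as '1' (a string) no longer matches the integer 1 either, so
 * legitimate input is rejected as well.
 */
function isAllowedStrictRaw(string $candidate): bool
{
    return in_array($candidate, ALLOWED_ROLE_IDS, true);
}

/**
 * Recommended shape: validate the input's format, convert it to the allow-list's
 * type, then compare strictly. Non-numeric input never reaches the comparison.
 */
function isAllowedStrict(string $candidate): bool
{
    // ctype_digit() rejects '', signs, whitespace and any non-digit character.
    if (!ctype_digit($candidate)) {
        return false;
    }
    // Normalise the allow-list to ints once so '5' and 5 are treated alike.
    $allowed = array_map('intval', ALLOWED_ROLE_IDS);
    return in_array((int) $candidate, $allowed, true);
}

/**
 * Companion pitfall for array_search(): a match at index 0 returns 0, which is
 * falsy, so the result must be compared against false with ===.
 */
function positionOf(string $candidate): ?int
{
    if (!ctype_digit($candidate)) {
        return null;
    }
    $pos = array_search((int) $candidate, array_map('intval', ALLOWED_ROLE_IDS), true);
    return $pos === false ? null : $pos;
}

// Constructed inputs: the two strings from the post plus valid, invalid and empty IDs.
$inputs = ['www.ziruchu.com', '1www.ziruchu.com', '1', '5', '7', ''];
foreach ($inputs as $in) {
    printf(
        "%-20s loose=%-5s strictRaw=%-5s strict=%-5s pos=%s\n",
        var_export($in, true),
        var_export(isAllowedLoose($in), true),
        var_export(isAllowedStrictRaw($in), true),
        var_export(isAllowedStrict($in), true),
        var_export(positionOf($in), true)
    );
}
```

Running this under PHP 7 shows isAllowedLoose() accepting both hostname strings, isAllowedStrictRaw() rejecting every input including the valid '1' and '5', and isAllowedStrict() accepting exactly '1' and '5'. The last column shows why `if (array_search(...))` is wrong: a legitimate match on the first element would be treated as "not found".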
I am Xiaobai, and I look forward to walking this road together with you!
Xiaobai
11 October 2020