I have this issue with a string:
$val = 'NOT NULL';
if(stripos($val, 'NULL') !== FALSE){
echo "IS $val";
}
It evaluates fine, but if I use === TRUE as evaluator, things go wrong.
The answer eludes me, please help me understand.
If you read the documentation for stripos() you'll find.
Returns the position of where the needle exists relative to the beginnning of the haystack string (independent of offset). Also note that string positions start at 0, and not 1.
Returns FALSE if the needle was not found.
It does not return TRUE. Since you are using strict equality, your condition will never be true.
If you did stripos($val, 'NULL') == TRUE then your code would execute if NULL were found at position 0 - since PHP will do some type-juggling and effectively 0 == (int)true.
The appropriate way to test for existence using stripos() is what you have:
if (stripos($val, 'NULL') !== FALSE){
echo "IS $val";
}
The answer is because you are using the strict equality operator. The function itself returns an int (or boolean if the needle is not found). The return value is not equal (in the strict sense, both value and type) to true, which is why the check fails.
Since === and !== are strict comparison operators - !== false is not the same as ===true since, for example, 1!==false is ok (values and types are not equal), but 1===true is not ok (values are equal, but types are not).
This sample indicates the meaning of strict comparison - i.e. not only values matters, but also types of compared data.
Related
if(strpos("http://www.example.com","http://www.")==0){ // do work}
I'd expect this to resolve as true, which it does. But what happens when I do
if(strpos("abcdefghijklmnop","http://www.")==0){// do work}
This also passes on php 5 because as far as I can work out the strpos returns false which translates as 0.
Is this correct thinking/behaviour? If so what is the workaround for testing for that a substring is at the beginning of another string?
Yes, this is correct / expected behavior :
strpos can return 0 when there is a match at the beginning of the string
and it will return false when there is no match
The thing is you should not use == to compare 0 and false ; you should use ===, like this :
if(strpos("abcdefghijklmnop","http://www.") === 0) {
}
Or :
if(strpos("abcdefghijklmnop","http://www.") === false) {
}
For more informations, see Comparison Operators :
$a == $b will be TRUE if $a is equal to $b.
$a === $b will be TRUE if $a is equal to $b, and they are of the same type.
And, quoting the manual page of strpos :
This function may return Boolean
FALSE, but may also return a
non-Boolean value which evaluates to
FALSE, such as 0 or "". Please
read the section on Booleans for
more information. Use the ===
operator for testing the return
value of this function.
=== and !== compare type and value as shown below:
if (strpos("abcdefghijklmnop", "http://www.") !== false) {
// do work
}
strpos returns an int or boolean false. the == operator also evaluates 0 to mean false, you want to use the === operator (three equals signs) that also checks that the types being compared are the same instead of just seeing if they can be evaluated to mean the same.
so
if (strpos($hastack, $needle) === 0)
{
// the $needle is found at position 0 in the $haystack
}
0 is a possible return value from strpos when it finds a match at the very beginning. In case if the match is not found it returns false(boolean). So you need to check the return value of strpos using the === operator which check the value and the type rather than using == which just checks value.
I personally tend to use this way :
if(!strpos($v,'ttp:'))$v='http://'.$v;
or
if(strpos(' '.$v,'http'))
to avoid the "0" position then always make it a number more than 0
cheers
Sometimes I see people write conditional statements like this:
if($var !== false) {...}
Instead of like this:
if($var == true) {...}
These are the same, right?
I see the former used much more frequently and am wondering if there is a reason behind this, or if it is just personal preference.
I appreciate that this might be opinion based, but I am curious to see if there is a legitimate reason behind this.
This:
if($var !== false) {...}
will only evaluate to false if $var is exactly false. It will not evaluate to false if $var is any other value, whether 'false-y' or not.
This:
if($var == true) {...}
will evaluate to false for any 'false-y' value. e.g. 0, '0'.
In addition this:
if($var === true) {...}
will evaluate to true only if $var is exactly set to true, not other 'truthy-y' values.
So you are correct that they are the same if you know $var is exclusively one of either true or false, but they behave differently for other values.
$var !== false could be used for something other than readability or personal preference. Various PHP functions are expected to return false in case of error and they might as well return a falsy value on success. Take strpos for example:
Returns the position of where the needle exists relative to the
beginning of the haystack string (independent of offset). Also note
that string positions start at 0, and not 1.
Returns FALSE if the needle was not found.
This means the function can return an integer, even 0 if the needle was found at the beginning, and false if needle was not found. You have to use !== false to check if the expression is false, not falsy.
They're not the same.
!== is a strict comparison that compares value and type. $var has to equal (bool) false. This means if a string of 'false' was returned it would fail.
== is a loose comparison that just checks the value. This means $var can equal '(string) string' and be true. When checking a var like this:
if ($var == true) {
}
you check if $var has anything in it/defined. As long as something is a against it (and doesn't equal (bool) false) it will pass the conditional. This means '(string) false' would pass that conditional.
Worth nothing some functions (like strpos) return (bool) false so doing the first one (IMO) is better for those sort of functions.
When you use ==
First, it typecast the variable and compare are those values same.
You can see in the following example
var_dump(0==FALSE); // ( 0 == ( int ) false ) bool(true)
var_dump(0=='anystring'); // ( 0 == ( int ) 'anystring' ) bool(true)
When you use ===
It compares the value and types too
So it would be something like
var_dump( gettype( 0 ) == gettype( false ) && 0 == false )
This is faster in case if your type check fails Since it has not to typecast the value for further 'value check' if type check fails.
PHP is thinking that null is 0 when the character in $position doesn't exist.
$statusentery = $_POST[status];
$position = strpos($statusentery,"<");
if ($position == 0){
echo "Sorry, for security purposes we do not
allow characters such as <";
exit;
}
For example, if $statusentery was equal to "Howdy there", it would return "Sorry, for security purposes we do not allow characters such as <". (unexpected)
If $statusentery was equal to "Howdy there <" it would return blank (expected).
How to make it work so that when I enter "Howdy there", it didn't do the if loop, but when I enter "< howdy there>", it did the if loop?
Because 0 can means "false" in PHP, $postition will be false when it doesn't exist. So you'll need to use the following:
if ($position === 0){
Using the triple equal sign in PHP verifies that the compared values have the same data type. A lot more information can be found here: http://php.net/manual/en/language.operators.comparison.php
From: http://php.net/manual/es/function.strpos.php
WARNING
As strpos may return either FALSE (substring absent) or 0 (substring
at start of string), strict versus loose equivalency operators must be
used very carefully.
To know that a substring is absent, you must use:
=== FALSE
To know that a substring is present (in any position including 0), you
can use either of:
!== FALSE (recommended)
-1 (note: or greater than any negative number)
To know that a substring is at the start of the string, you must use:
=== 0
To know that a substring is in any position other than the start, you
can use any of:
0 (recommended) != 0 (note: but not !== 0 which also equates to FALSE) != FALSE (disrecommended as highly confusing)
Also note that you cannot compare a value of "" to the returned value
of strpos. With a loose equivalence operator (== or !=) it will return
results which don't distinguish between the substring's presence
versus position. With a strict equivalence operator (=== or !==) it
will always return false.
So the code must be:
$statusentery = $_POST[status];
$position = strpos($statusentery,"<");
if ($position === 0){
echo "Sorry, for security purposes we do not allow characters such as <";
exit;
}
This is a tricky function. As stated in the strpos manual:
Warning This function may return Boolean false, but may also return a
non-Boolean value which evaluates to false. Please read the section on
Booleans for more information. Use the === operator for testing the
return value of this function.
I use this comparison, which works well without even a notice level warning:
if ($position > -1)
Returns boolean false when the string is not found, which is evaluable as a number, thus comparing whether the value is greater than -1 actually works well. In case any match is found, even at position 0 the above comparison will be passed.
if (strrpos($_POST['security_data'], $OrderReference) === false ||
md5($_POST['security_data'] . $sekey) != $_POST['security_hash'])
{
return;
}
I don't understand why is strrpos in there and === "3 equals"
and what is the dot "." doing in $_POST['security_data'] . $sekey
Thank You
strrpos returns the position of the substring.
echo strrpos("Hello", "e"); // outputs `1`
. is concatenation.
echo "Hello "."There"; // outputs: 'Hello There'
=== checks type as well as equality.
var_dump(1 == true); // true
var_dump(1 === true); // false
Here's a translation to C#:
string hash = MD5.Create().ComputeHash(Request.Form["security_data"] + sekey);
if (!Request.Form["security_data"].Contains(OrderReference)
|| hash != Request.Form["security_hash"])
{
return;
}
strrpos returns false if the string isn't found (don't know which string in which, but the docs will tell you)
=== compares type as well instead of just value. This is done so php doesn't to any casting, for example 0 == false (0 represents false in php as well) but 0 !== false as 0 isn't the same type as false.
the . is the concat operator in php.
strrpos is "return position of substring within a string, starting from the right (end) side". === is the PHP strict comparison, which compares type AND value. The strpos functions CAN return a legitimate 0 as a position, which is the very start of the string. But 0 evalutes to boolean FALSE in PHP, so the === check ensures that you're looing at a real false (strrpos found nothing) and not just "strrpos found string at position zero".
The dot (.) connects between 2 strings, and the 3 equals checks if the returned value is in the same type as what it compared to
If the contents of the variable $OrderReference are not found in the POST variable security_data, or the MD5 hash of the POST variable security_data, concatenated with (that's the . operator in PHP) the variable $sekey isn't equal to security_hash, return from the function.
=== is used to ensure that the return from strrpos() is the boolean FALSE rather than the possible valid return value of 0. === is for strict type comparison.
if(strpos("http://www.example.com","http://www.")==0){ // do work}
I'd expect this to resolve as true, which it does. But what happens when I do
if(strpos("abcdefghijklmnop","http://www.")==0){// do work}
This also passes on php 5 because as far as I can work out the strpos returns false which translates as 0.
Is this correct thinking/behaviour? If so what is the workaround for testing for that a substring is at the beginning of another string?
Yes, this is correct / expected behavior :
strpos can return 0 when there is a match at the beginning of the string
and it will return false when there is no match
The thing is you should not use == to compare 0 and false ; you should use ===, like this :
if(strpos("abcdefghijklmnop","http://www.") === 0) {
}
Or :
if(strpos("abcdefghijklmnop","http://www.") === false) {
}
For more informations, see Comparison Operators :
$a == $b will be TRUE if $a is equal to $b.
$a === $b will be TRUE if $a is equal to $b, and they are of the same type.
And, quoting the manual page of strpos :
This function may return Boolean
FALSE, but may also return a
non-Boolean value which evaluates to
FALSE, such as 0 or "". Please
read the section on Booleans for
more information. Use the ===
operator for testing the return
value of this function.
=== and !== compare type and value as shown below:
if (strpos("abcdefghijklmnop", "http://www.") !== false) {
// do work
}
strpos returns an int or boolean false. the == operator also evaluates 0 to mean false, you want to use the === operator (three equals signs) that also checks that the types being compared are the same instead of just seeing if they can be evaluated to mean the same.
so
if (strpos($hastack, $needle) === 0)
{
// the $needle is found at position 0 in the $haystack
}
0 is a possible return value from strpos when it finds a match at the very beginning. In case if the match is not found it returns false(boolean). So you need to check the return value of strpos using the === operator which check the value and the type rather than using == which just checks value.
I personally tend to use this way :
if(!strpos($v,'ttp:'))$v='http://'.$v;
or
if(strpos(' '.$v,'http'))
to avoid the "0" position then always make it a number more than 0
cheers