PHP Array Operators with Security Considerations
PHP Operators with Security Considerations - Part 6
Foreword: In this part of the series, I talk about operators used for PHP arrays.
By: Chrysanthus Date Published: 17 Oct 2018
Introduction
Before we continue, note that loose comparison is when you use == or != , while strict comparison is when you use === or !== .
The Union Operator, +
The + symbol is an arithmetic operator. It is also an array operator, but with a different meaning. Try the following code:
<?php
$a = array('a' => 'apple', 'b' => 'pear', 'c' => 'banana', 'd'=>'orange');
$b = array('a' => 'pear', 'b' => 'strawberry', 'c' => 'cherry', 'd' => 'orange', 'e' => 'pear');
$c = $a + $b; // Union of $a and $b
foreach ($c as $key => $value)
{
echo $key, '=>', $value, '<br>';
}
?>
The output is:
a=>apple
b=>pear
c=>banana
d=>orange
e=>pear
The union operator, + returns the right-hand array appended to the left-hand array. For keys that exist in both arrays, the elements (key/value pairs) from the left-hand array will be used, and the matching elements (by keys) from the right-hand array will be ignored.
So, no key is repeated in the result and there are no duplicate key/value pairs, but values may repeat as long as their keys do not repeat.
With the union operator, the comparison for the keys is loose comparison.
The Equality and Inequality Operators, == and !=
The equality operators are == and != . == returns TRUE if the key/value pairs of both arrays are the same under loose comparison of keys and values; FALSE otherwise. Try the following code:
<?php
$a = array(false => 'apple', true => 'pear');
$b = array(0 => 'apple', 1 => 'pear');
if ($a != $b)
{
echo '$a and $b are not the same from loose comparison.';
}
else
{
echo '$a and $b are the same from loose comparison.';
}
?>
The output is:
$a and $b are the same from loose comparison.
This is because a PHP array turns TRUE used as a key into the integer 1, and FALSE used as a key into the integer 0. Try the following code where the corresponding values are not the same at all.
<?php
$a = array(false => 'apple', true => 'pear');
$b = array(0 => 'apple', 1 => 'orange');
if ($a != $b)
{
echo '$a and $b are not the same from loose comparison.';
}
else
{
echo '$a and $b are the same from loose comparison.';
}
?>
The output is:
$a and $b are not the same from loose comparison.
Here, the corresponding values are not the same at all. == results in TRUE if the corresponding keys are the same for loose comparison and if the corresponding values are the same for loose comparison. Try the following code:
<?php
$a = array('aa' => 'apple', 'bb' => '3');
$b = array('aa' => 'apple', 'bb' => 3);
if ($a != $b)
{
echo '$a and $b are not the same from loose comparison.';
}
else
{
echo '$a and $b are the same from loose comparison.';
}
?>
The output is:
$a and $b are the same from loose comparison.
<> is a synonym for != .
The identity operators, === (and !==), return TRUE (or FALSE) if the key/value pairs of both arrays are the same, of the same type and in the same order.
Try the following code:
<?php
$a = array(false => 'apple', true => 'pear');
$b = array(0 => 'apple', 1 => 'pear');
if ($a === $b)
{
echo '$a and $b are the same from strict comparison.';
}
else
{
echo '$a and $b are not the same from strict comparison.';
}
?>
The output is:
$a and $b are the same from strict comparison.
This output is wrong, because TRUE is turned into 1 and FALSE into 0 when they are used as keys. Try the following code, which has no loose opportunity for the keys:
<?php
$a = array('aa' => 'apple', 'bb' => 'pear');
$b = array(0 => 'apple', 1 => 'pear');
if ($a === $b)
{
echo '$a and $b are the same from strict comparison.';
}
else
{
echo '$a and $b are not the same from strict comparison.';
}
?>
The output is:
$a and $b are not the same from strict comparison.
Correct output!
Try the following code where the corresponding values are not the same at all:
<?php
$a = array('aa' => 'apple', 'bb' => 'pear');
$b = array('aa' => 'apple', 'bb' => 'orange');
if ($a === $b)
{
echo '$a and $b are the same from strict comparison.';
}
else
{
echo '$a and $b are not the same from strict comparison.';
}
?>
The output is:
$a and $b are not the same from strict comparison.
Correct output!
Try the following code:
<?php
$a = array('aa' => 'apple', 'bb' => 'pear', 'cc' => 'cherry');
$b = array('aa' => 'apple', 'bb' => 'pear', 'cc' => 'cherry');
if ($a !== $b)
{
echo '$a and $b do NOT have the same key/value pairs and/or the same types and/or the same element order, from strict comparison.';
}
else
{
echo '$a and $b have the same key/value pairs and the same types and the same element order, from strict comparison.';
}
?>
The output is:
$a and $b have the same key/value pairs and the same types and the same element order, from strict comparison.
Correct output!
With the identity (===) and non-identity (!==) array operators, loose comparison takes place on the keys but not on the values. Try the following code:
<?php
$a = array('aa' => 'apple', 'bb' => 2);
$b = array('aa' => 'apple', 'bb' => '2');
if ($a === $b)
{
echo '$a and $b are the same from strict comparison.';
}
else
{
echo '$a and $b are not the same from strict comparison.';
}
?>
The output is:
$a and $b are not the same from strict comparison.
Expected output!
Security Consideration
With loose comparison (equality and inequality array operators) the result may be unexpected. When in doubt, use strict comparison (identity and non-identity array operators), but beware of loose comparison for the keys.
As for the union array operator, +, just be careful as you use it; do not forget that it does loose comparison for the keys.
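The following is an added example, not code from the original article. It applies the advice above to untrusted input: an allow-listed union for merging a submission into trusted defaults, and a strict comparison that does not depend on element order. The helper names merge_allowed and same_pairs and all sample arrays are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample data: trusted defaults and an untrusted form submission.
$defaults  = ['role' => 'guest', 'theme' => 'light'];
$submitted = ['theme' => 'dark', 'role' => 'admin', 'debug' => '1'];

// Hypothetical helper: only allow-listed keys are taken from the untrusted
// array; the union then fills every other key from the trusted defaults.
function merge_allowed(array $trusted, array $untrusted, array $allowedKeys): array
{
    $filtered = array_intersect_key($untrusted, array_flip($allowedKeys));
    return $filtered + $trusted;
}

// Hypothetical helper: strict comparison of keys and value types that does
// not depend on element order (=== alone also requires the same order).
function same_pairs(array $a, array $b): bool
{
    ksort($a, SORT_STRING);
    ksort($b, SORT_STRING);
    return $a === $b;
}

// Plain union: the trusted side wins on shared keys, but the key that exists
// only in the submission ('debug') is still appended to the result.
var_dump($defaults + $submitted);

// Allow-listed union: only 'theme' may come from the submission.
var_dump(merge_allowed($defaults, $submitted, ['theme']));

// '3' (string) and 3 (integer) pass ==, and are rejected by the strict check.
$stored = ['aa' => 'apple', 'bb' => 3];
$input  = ['bb' => '3', 'aa' => 'apple'];
var_dump($stored == $input);
var_dump(same_pairs($stored, $input));

// Same pairs and types in a different order: === alone reports a mismatch,
// the order-independent strict check accepts them.
$reordered = ['bb' => 3, 'aa' => 'apple'];
var_dump($stored === $reordered);
var_dump(same_pairs($stored, $reordered));
```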
That is it for this part of the series. We stop here and continue in the next part.
Chrys