PHP Switch Structure and Security Consideration
PHP Control Structures with Security Considerations - Part 3
Foreword: In this part of the series, I explain PHP Switch Structure and Security Consideration.
By: Chrysanthus Date Published: 17 Oct 2018
Introduction
Complete Syntax for if-Statement
The complete syntax for the if-statement is:
if (condition)
{
statements
}
elseif (condition)
{
statements
}
elseif (condition)
{
statements
}
- - -
else
{
statements
}
The else part is the default condition. The default condition is optional.
An example of the if-elseif statement is:
<?php
$hisVar = 100;
if ($hisVar == 10)
{
echo 'Value is small';
}
elseif ($hisVar == 100)
{
echo 'Value is medium';
}
elseif ($hisVar == 1000)
{
echo 'Value is large';
}
else
{
echo '$hisVar is very large';
}
?>
The output is:
Value is medium
The switch Statement
The switch statement is an alternative to the if-elseif statement. Sometimes, the switch statement is faster than the if-elseif statement. The above code is repeated with the switch statement as follows:
<?php
$hisVar = 100;
switch($hisVar)
{
case 10:
{
echo 'Value is small', '<br>';
}
case 100:
{
echo 'Value is medium', '<br>';
}
case 1000:
{
echo 'Value is large', '<br>';
}
default:
{
echo '$hisVar is very large', '<br>';
}
}
?>
The output is,
Value is medium
Value is large
$hisVar is very large
instead of just,
Value is medium
- see solution below.
Note the use and positions of the reserved words, switch and case, which are case-insensitive. Note the use and positions of the colons (:). Also note that the optional 'else' has been replaced by the optional 'default'. The curly brackets that delimit the case blocks are optional.
The switch statement works with scalars and the NULL type in its conditions. It should not be used with arrays, objects and resources (in conditions). With strings, the values for the case statements have to be in quotes.
Switch with the continue Statement
The if-elseif structure executes only one block, where the condition is true. However, the switch structure in PHP executes the block where the condition is true and the rest of the blocks below that. If you do not want a series of blocks below the one where the condition is true to be executed, use the continue statement, as in the following code. Try it:
<?php
$hisVar = 100;
switch($hisVar)
{
case 10:
{
echo 'Value is small', '<br>';
}
case 100:
{
echo 'Value is medium', '<br>';
}
case 1000:
{
echo 'Value is large', '<br>';
continue;
}
default:
{
echo '$hisVar is very large', '<br>';
}
}
?>
The output is:
Value is medium
Value is large
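If the switch structure is nested in loops, you can follow continue with a positive integer to indicate the enclosing loop to which execution should skip. Inside a switch, continue on its own behaves like break, and PHP 7.3 and later emit a warning for this use.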
Security Consideration
The if-elseif structure executes only one block, where the condition is true. However, the switch structure in PHP executes the block where the condition is true and the rest of the blocks below that. This is a weakness. The switch structure should execute only one block where the condition is true. To solve this problem, use the break statement in every block. Try the following code that illustrates this:
<?php
$hisVar = 100;
switch($hisVar)
{
case 10:
{
echo 'Value is small', '<br>';
break;
}
case 100:
{
echo 'Value is medium', '<br>';
break;
}
case 1000:
{
echo 'Value is large', '<br>';
break;
}
default:
{
echo '$hisVar is very large', '<br>';
}
}
?>
The output is:
Value is medium
as required.
Always use the break statement at the end of each block of your switch structure.
With the switch structure, the comparison of a condition is loose. Loose comparison is when you use == and !=. Strict comparison is when you use === and !==. To avoid this problem, use the switch structure only when strict comparison does not matter (i.e. when only the values matter and the types do not).
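The loose comparison described above, shown as an added example that is not part of the original article: the same value is dispatched once through a switch and once through if-elseif with ===. The function names classifyLoose and classifyStrict and the sample inputs are constructed for illustration.

```php
<?php
// Added example; function names and sample inputs are constructed.

// Loose dispatch: switch compares $value with each case using ==.
// Each case returns, so there is no fall-through into the next block.
function classifyLoose($value)
{
    switch ($value) {
        case 10:
            return 'small';
        case 100:
            return 'medium';
        case 1000:
            return 'large';
        default:
            return 'very large';
    }
}

// Strict dispatch: === requires the same type and the same value.
function classifyStrict($value)
{
    if ($value === 10) {
        return 'small';
    } elseif ($value === 100) {
        return 'medium';
    } elseif ($value === 1000) {
        return 'large';
    }
    return 'rejected';
}

// Constructed inputs: only the first one is the integer 100.
$samples = [100, '100', '1e2', 100.0, true];

foreach ($samples as $sample) {
    printf(
        "%-8s loose: %-10s strict: %s\n",
        var_export($sample, true),
        classifyLoose($sample),
        classifyStrict($sample)
    );
}
?>
```

With the switch, '100', '1e2' and 100.0 are all treated as 100, and true matches the first case because true == 10; the strict version accepts only the integer 100. Form and query-string values arrive as strings, so validate and convert them to the expected type before a strict dispatch.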
That is it for this part of the series. We stop here and continue in the next part.
Chrys