PHP Type Juggling

Type Juggling and Loose Comparison

# Type Juggling
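# In PHP, "==" returns true if $a equals $b AFTER type conversion
# (PHP 8.0 changed string-to-int comparison: the non-numeric cases "1abc", "0abc" and "abc" below are TRUE only on PHP < 8)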
"0000" == int(0) -> TRUE
"0e12" == int(0) -> TRUE
"1abc" == int(1) -> TRUE
"0abc" == int(0) -> TRUE
"abc"  == int(0) -> TRUE


# Loose Comparison
# In PHP, if "==" is used, two strings that begin with "0e" followed only by digits will always be equal
# (both are read as numbers in scientific notation, 0 x 10^n, which is 0)
# It means that you can use magic hashes (0exxxx...) to break the comparison
# md5(240610708) = 0e462097431906509019562988736854
# So "0e462097431906509019562988736854" == "0" -> TRUE
# Magic hash for SHA-224
10885164793773 --> 0e281250946775200129471613219196999537878926740638594636
# Magic hash for SHA-256
34250003024812 --> 0e46289032038065916139621039085883773413820991920706299695051332

strcmp()

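# If you provide an array to strcmp() it returns NULL (PHP < 8; PHP 8 throws a TypeError instead)
# NULL == 0 is TRUE, so a loose check of the result against 0 passes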
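
The two weak checks described above next to a strict replacement, as an added example that is not code from the original page. The function names, the constructed digest and the constructed secret are assumptions made for illustration.

```php
<?php
// Added example, not code from the original page. Function names and the
// constructed values below are assumptions made for illustration.

// Weak: == converts both "0e<digits>" strings to the number 0 before comparing.
function digest_matches_loose(string $stored, string $input): bool
{
    return md5($input) == $stored;
}

// Weak: strcmp() given an array returns NULL before PHP 8, and NULL == 0 is true.
function token_matches_loose($input, string $secret): bool
{
    return strcmp($input, $secret) == 0;
}

// Hardened: require strings, then compare byte for byte in constant time.
function matches_strict($expected, $actual): bool
{
    if (!is_string($expected) || !is_string($actual)) {
        return false; // non-string input never reaches the comparison
    }
    return hash_equals($expected, $actual);
}

// Constructed 32-character value shaped like an MD5 digest; not a real hash.
$stored = '0e' . str_repeat('1', 30);
$input  = '240610708'; // md5() of this is the 0e... value quoted above

var_dump(digest_matches_loose($stored, $input)); // loose digest check
var_dump(matches_strict($stored, md5($input)));  // strict digest check

// Array input where a string was expected.
$array_input = ['x'];
try {
    var_dump(token_matches_loose($array_input, 'constructed-secret'));
} catch (TypeError $e) {
    // PHP 8 rejects the array argument instead of returning NULL.
    echo 'TypeError: ', $e->getMessage(), PHP_EOL;
}
var_dump(matches_strict('constructed-secret', $array_input));
```

Using === in place of == also removes the numeric conversion; hash_equals() additionally avoids leaking timing information when one side is a secret.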