Comments on: Stupid PHP Tricks: (true == false) http://www.otton.org/2008/08/06/stupid-php-tricks-true-false-comparison/ Look! Bunnies! Tue, 02 Mar 2010 14:50:43 +0000 http://wordpress.org/?v=2.9.1 hourly 1 By: Webspace Creations http://www.otton.org/2008/08/06/stupid-php-tricks-true-false-comparison/comment-page-1/#comment-26432 Webspace Creations Wed, 23 Dec 2009 17:09:20 +0000 http://www.otton.org/?p=172#comment-26432 When something as basic as comparisons do not function as expected, this is a serious problem and it is a problem that hackers are exploiting RIGHT NOW. Programmers aren't lazy, they want a consistent programming environment. Many are coming from strict languages like C/C++. An expression like ('1a' == 1) should not evaluate as true. Loose typing would mean that ('1' == 1) evaluates as true, but PHP tries too hard to make an expression work and the === convention is an oddity (meaning any programmer with real experience is going to be unfamiliar with it). Weak typing is fine, but fundamental operations, such as comparisons, should work in a consistent and predictable way if we're going to get serious about building secure web apps. When something as basic as comparisons do not function as expected, this is a serious problem and it is a problem that hackers are exploiting RIGHT NOW. Programmers aren’t lazy, they want a consistent programming environment. Many are coming from strict languages like C/C++. An expression like (‘1a’ == 1) should not evaluate as true. Loose typing would mean that (‘1′ == 1) evaluates as true, but PHP tries too hard to make an expression work and the === convention is an oddity (meaning any programmer with real experience is going to be unfamiliar with it). Weak typing is fine, but fundamental operations, such as comparisons, should work in a consistent and predictable way if we’re going to get serious about building secure web apps.

]]> By: pbean http://www.otton.org/2008/08/06/stupid-php-tricks-true-false-comparison/comment-page-1/#comment-26108 pbean Thu, 19 Nov 2009 21:21:40 +0000 http://www.otton.org/?p=172#comment-26108 === to the rescue... I have been using it more and more. But in my opinion the whole language is a mess and should get a big overhaul. Just have a look at these different kinds of constructs which can, in some situations, do the same or worse have completely unexpected behavior: if (isset($a)) ... if (is_null($a)) ... if ($a == null) ... if ($a === null) ... if ($a) ... if (!!$a) ... === to the rescue… I have been using it more and more. But in my opinion the whole language is a mess and should get a big overhaul. Just have a look at these different kinds of constructs which can, in some situations, do the same or worse have completely unexpected behavior:

if (isset($a)) …
if (is_null($a)) …
if ($a == null) …
if ($a === null) …
if ($a) …
if (!!$a) …

]]> By: Sava http://www.otton.org/2008/08/06/stupid-php-tricks-true-false-comparison/comment-page-1/#comment-25521 Sava Tue, 01 Sep 2009 07:45:23 +0000 http://www.otton.org/?p=172#comment-25521 Probably because 00 = 0 ? :D Probably because 00 = 0 ? :D

]]> By: Javi http://www.otton.org/2008/08/06/stupid-php-tricks-true-false-comparison/comment-page-1/#comment-24765 Javi Thu, 23 Apr 2009 09:02:47 +0000 http://www.otton.org/?p=172#comment-24765 I searched Google for php "true == false" and found your post. The reason was, today I ran into the same example as you did. But in my case, I think it's even funnier/more stupid. Just assign $a = '00' and $b = '0'. The same conditions apply to these values, and the universe is broken again. Why in the world do two different strings evaluate to be the same? Who knows. I searched Google for php “true == false” and found your post.

The reason was, today I ran into the same example as you did. But in my case, I think it’s even funnier/more stupid.

Just assign $a = ‘00′ and $b = ‘0′. The same conditions apply to these values, and the universe is broken again.

Why in the world do two different strings evaluate to be the same? Who knows.

]]> By: James Lawrie http://www.otton.org/2008/08/06/stupid-php-tricks-true-false-comparison/comment-page-1/#comment-5030 James Lawrie Fri, 19 Dec 2008 11:54:01 +0000 http://www.otton.org/?p=172#comment-5030 Nick - this doesn't make PHP a weakly typed language any more than having the symptoms of influenza gives you the flu. PHP *is* weakly typed (it's often referred to as duck-typed - if it quacks like a duck, it's probably a duck) - this is just a symptom of that. Maybe you are inferring that the word "weakly" infers this is a bad thing, whereas it doesn't, it's just the name for this kind of typing. Nick – this doesn’t make PHP a weakly typed language any more than having the symptoms of influenza gives you the flu. PHP *is* weakly typed (it’s often referred to as duck-typed – if it quacks like a duck, it’s probably a duck) – this is just a symptom of that.
Maybe you are inferring that the word “weakly” infers this is a bad thing, whereas it doesn’t, it’s just the name for this kind of typing.

]]> By: Link Flood - 09/11/2008 | 1337hax0r.com http://www.otton.org/2008/08/06/stupid-php-tricks-true-false-comparison/comment-page-1/#comment-4972 Link Flood - 09/11/2008 | 1337hax0r.com Mon, 08 Dec 2008 20:53:52 +0000 http://www.otton.org/?p=172#comment-4972 [...] (true == false)? Apparently it does in PHP. [...] [...] (true == false)? Apparently it does in PHP. [...]

]]> By: Nick | Resource Pile http://www.otton.org/2008/08/06/stupid-php-tricks-true-false-comparison/comment-page-1/#comment-4738 Nick | Resource Pile Mon, 29 Sep 2008 13:29:19 +0000 http://www.otton.org/?p=172#comment-4738 Nice, but I wouldn't go as far to say this makes php a weakly typed language. It's a good thing. Yes, you can do the above, but the aim of such a language is to create things, so the easier it is to create them (while remaining fast and relatively-low on code), the better the language in my eyes. Nice, but I wouldn’t go as far to say this makes php a weakly typed language. It’s a good thing. Yes, you can do the above, but the aim of such a language is to create things, so the easier it is to create them (while remaining fast and relatively-low on code), the better the language in my eyes.

]]> By: David Mackey http://www.otton.org/2008/08/06/stupid-php-tricks-true-false-comparison/comment-page-1/#comment-4636 David Mackey Tue, 09 Sep 2008 20:37:24 +0000 http://www.otton.org/?p=172#comment-4636 Nice article. :) Stumbled on ya. Nice article. :) Stumbled on ya.

]]> By: Frank http://www.otton.org/2008/08/06/stupid-php-tricks-true-false-comparison/comment-page-1/#comment-4634 Frank Mon, 08 Sep 2008 11:04:48 +0000 http://www.otton.org/?p=172#comment-4634 ... that is why we have strict comparisons with === and !== … that is why we have strict comparisons with === and !==

]]> By: Oliver Ong http://www.otton.org/2008/08/06/stupid-php-tricks-true-false-comparison/comment-page-1/#comment-4527 Oliver Ong Mon, 25 Aug 2008 14:10:10 +0000 http://www.otton.org/?p=172#comment-4527 CPP, um i would rather use php to do websites than use c/c++ or even asm. lets see who finishes creating a db add edit and delete transaction first. CPP, um i would rather use php to do websites than use c/c++ or even asm. lets see who finishes creating a db add edit and delete transaction first.

]]>