?????????????????????????繥??????????????д?????writeup??????б????????????????????????web?????????е???????????PHP??д????????????????п??????????SQL???XSS?????????????????PHP??????????????????PHP???????????????PHP????????????????????web???????????檔??PHP?е?????????????????????????????????????????????????????????????????????????????????PHP??????д???????????PHP????????????????????
????PHP????????
??????PHP?У??????????μ??????
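// PHP variables carry no declared type: the same name can hold an integer,
// then an array, then a string, and no declaration is needed for any of them.
// The mis-encoded indentation prefix of the original listing is removed so
// the lines parse as PHP.
$param = 1;          // integer
$param = array();    // empty array
$param = "stringg";  // string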
?????????????????????????????????????????????κε???????????????????????????????????????????????????????????????????
???????????????
??????????????????????????????????GET??????POST?????????int????????????????????????????PHP?????????б????????????PHP????????????????????????????????????????????????????????
????????????
???????????
??????$a==$b??????
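// Loose equality (==) converts both operands before comparing, so values of
// different types can compare equal. Use === wherever the type matters,
// for example when a function can return either false or a valid 0 / ''.
// The original listing spelled the constant as `flase`; it is `false`.
$a = null; $b = false;  // $a == $b is true
$a = '';   $b = null;   // $a == $b is true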
????????????????к???????????????
????????????????????????????????????????£?
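// Comparing an integer with a string using ==.
// The results given in the article are those of PHP 5 and PHP 7, where the
// string is converted to a number first (a string without leading digits
// becomes 0). PHP 8 compares an integer with a non-numeric string as
// strings, which changes two of the results below.
// Wrapped in var_dump() so that each line is a complete statement.
var_dump(0 == '0');         // true
var_dump(0 == 'abcdefg');   // true on PHP 5/7, false on PHP 8+
var_dump(0 === 'abcdefg');  // false: === also compares the type
var_dump(1 == '1abcdef');   // true on PHP 5/7, false on PHP 8+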
????????????????????б???????????????????????????????п???????????
????Hash???
???????????????????????????hash????????????????????£?
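// When both operands of == are numeric strings, PHP compares them as numbers.
// "0e<digits>" is scientific notation for zero, so any two such strings are
// equal to each other. Hex digests and tokens must therefore never be compared
// with == or !=; use hash_equals() (or at least ===) for them.
// Wrapped in var_dump() so that each line is a complete statement.
var_dump("0e132456789" == "0e7124511451155");  // true: both parse as 0
var_dump("0e123456abc" == "0e1dddada");        // false: neither side is numeric
var_dump("0e1abc" == "0");                     // the article states true
// NOTE(review): "0e1abc" is not a numeric string, so the last comparison is
// expected to fall back to a plain string comparison and print false;
// confirm on the PHP version in use.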
????????б??????????????????0ed+????????????????????????????????????????????????????2???????????0??????????????????0ed+????????????????????????????е?md5 collision?п?????
??????????????
??????????????????????????????б????????????????????£?
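// PHP 5 treated a "0x"-prefixed string as a hexadecimal number in
// comparisons; 0x1e240 is 123456 in decimal. PHP 7.0 stopped treating
// hexadecimal strings as numeric, so the first two results apply to PHP 5 only.
// Wrapped in var_dump() so that each line is a complete statement.
var_dump("0x1e240" == "123456");  // true on PHP 5, false on PHP 7+
var_dump("0x1e240" == 123456);    // true on PHP 5, false on PHP 7+
var_dump("0x1e240" == "1e240");   // false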
?????????е???????????0x????????PHP????????????????????????????б???0×1240??????????????123456????????int?????string?????123456?????????????????е?????????????????????????
???????????
??????????????????int????string??string????int??
????int?string??
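// Integer to string, in the two forms the article numbers 1 and 2.
// The mis-encoded labels in front of each statement are turned into comments
// so the lines parse as PHP.
$var = 5;
$item = (string)$var;  // (1) cast
$item = strval($var);  // (2) strval()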
????string?int??intval()??????
????????????????????????2???????
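// intval() converts the leading digits of a string and stops at the first
// character that is not part of a number; with no leading digits it returns 0.
// It never reports the part it ignored, so a passing intval() check says
// nothing about the rest of the string. Validate the whole value (for example
// with ctype_digit()) or use only the converted integer afterwards.
// The statement terminators missing from the original listing are added.
var_dump(intval('2'));      // 2
var_dump(intval('3abcd'));  // 3
var_dump(intval('abcd'));   // 0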
???????intval()????????????????????????????????????????????????????????????????????????intval()????????????0??
????intval()??????????????????е?MYSQL?????????п?????
?????????????????????????????????μ???δ???
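// Vulnerable form shown by the article:
//     if (intval($a) > 1000) { mysql_query("select * from news where id=" . $a); }
// The guard inspects intval($a), which reads only the leading digits, but the
// query is built from the raw string $a. A value that merely begins with a
// number above 1000 passes the guard, and the rest of it reaches the database
// as SQL.
//
// Fix: convert once and build the query from the converted integer, so the
// value that was checked is the value that is used.
// mysql_query() belongs to the mysql extension, which was removed in PHP 7.0;
// with PDO or mysqli, bind the id as a parameter of a prepared statement
// instead of concatenating it.
$id = intval($a);
if ($id > 1000) {
    mysql_query("select * from news where id=" . $id);
}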
??????????$a????п?????1002 union…..
???????ú???????????????
???????ú???????????????????ú??????????????????????????????????????????е???????????????????????????????????????????????????????
????md5()
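// md5() is declared for a string argument. On PHP 5 and 7, passing an array
// raises a warning and returns NULL, so the "digests" of two unrelated arrays
// compare equal (NULL == NULL). PHP 8 throws a TypeError instead.
// A request parameter can arrive as an array (name[]=...), so check
// is_string() before hashing and compare digests with hash_equals() or ===.
// The original listing had mis-encoded commas and called var_dump($array2)
// on the right-hand side where md5($array2) was intended.
$array1[] = array(
    "foo" => "bar",
    "bar" => "foo",
);
$array2 = array("foo", "bar", "hello", "world");
var_dump(md5($array1) == md5($array2));  // true on PHP 5/7; TypeError on PHP 8+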
????PHP????е?md5()????????????string md5 ( string $str [?? bool $raw_output = false ] )??md5()?е?????????string??????????????????????array???md5()??????????????????????array??md5???????????????2??array??md5????????????md5()??????????????е?bypass again????п?????
????strcmp()
????strcmp()??????PHP???????е???????int strcmp ( string $str1 ?? string $str2 )???????strcmp()????2??string?????????????str1С??str2??????-1????????0????????1??strcmp????????????????????????????????ascii???????м????????????????????????????????
??????????????strcmp()??????????????
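// strcmp() is declared for two strings. Given an array, PHP 5.3 to 7.x raise
// a warning and return NULL, and NULL == 0 under loose comparison, so a check
// written as `strcmp($input, $secret) == 0` passes without the values matching.
// PHP 8 throws a TypeError instead.
// Check is_string() on the input and test the result with === 0.
// The mis-encoded commas of the original listing are restored.
$array = [1, 2, 3];
var_dump(strcmp($array, '123'));  // NULL on PHP 5.3-7.x; TypeError on PHP 8+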
????strcmp????????????????е?pass check?п?????
????switch()
???????switch???????????case???ж????switch?????е????????int????????£?
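// switch compares its subject with each case label using loose equality (==).
// On PHP 5 and 7 the string "2abc" is converted to the integer 2 when it is
// compared with an integer label, so the `case 2` branch runs.
// On PHP 8+ an integer is compared with a non-numeric string as strings, so
// none of the labels below match and nothing is printed.
// Validate the value (for example with ctype_digit()) before switching on
// request data that is expected to be a number.
$i = "2abc";
switch ($i) {
    case 0:
    case 1:
    case 2:
        echo "i is less than 3 but not negative";
        break;
    case 3:
        echo "i is 3";
}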
????????????????????i is less than 3 but not negative????????switch()??????$i??????????????????????2??
????in_array()
??????PHP????У?in_array()???????????bool in_array ( mixed $needle ?? array $haystack [?? bool $strict = FALSE ] )?????strict??????????????in_array??????????????ж?$needle?????$haystack?С???strince????true???in_array()????needls???????haystack?е?????????????
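// in_array() compares with == unless its third argument ($strict) is true.
// On PHP 5 and 7, 'abc' is converted to 0 and '1bc' to 1 when compared with
// the integer elements, so both lookups succeed. On PHP 8+ these
// integer/non-numeric-string comparisons are false.
// Pass true as the third argument whenever the array is used as an allow-list;
// array_search() takes the same $strict argument.
// The mis-encoded commas of the original listing are restored.
$array = [0, 1, 2, '3'];
var_dump(in_array('abc', $array));        // true on PHP 5/7, false on PHP 8+
var_dump(in_array('1bc', $array));        // true on PHP 5/7, false on PHP 8+
var_dump(in_array('abc', $array, true));  // false: strict mode also compares types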
???????????????????????????true?????’abc’??????0??’1bc’????1??
????array_search()??in_array()????????????