Home / Questions / 152470
Accepted
track3r
Asked: 2020-04-03 23:58:11 +0800 CST 2020-04-03 23:58:11 +0800 CST

How come md5("240610708") == "0e1337" is true?

  • 772

We have the following code block:

<?php
   var_dump(md5("240610708")=="0e1337");
?>

Which returns bool (true), that is, for PHP the md5 of 240610708 is the same as any string that begins with 0e followed by a number. How does this happen?

php

2 Answers

  1. Best Answer

    When using the operator ==to compare strings in PHPyou can get unexpected results. This operator converts strings to numbers and then does the comparison.

    This conversion is done according to these criteria

    If the string starts with a valid numeric data, this will be the value used. Otherwise, the value will be 0 (zero). Valid numeric data is an optional sign, followed by one or more digits (it can optionally contain a decimal point), followed by an optional exponent. The exponent is an 'e' or 'E' followed by one or more digits.

    That is, the result of the operation md5(...)begins with 0e...and you compare it with the string 0e...when doing the numeric conversion, both strings become the number 0that when compared are equal and therefore true.

    To avoid it, use the operator ===:

    <?php
   var_dump(md5("240610708")==="0e1337");
?>
    • 16

  2. What happens is that when you compare with ==and deal with numbers in strings or the comparison is between a number and a string, it tries to convert to number first, and then does the comparison:

    md5("240610708") = "0e462097431906509019562988736854"

    And that resulting String converted to an int would be 0.

    When you convert the other element of the comparison, 0e1337, is 0also, ergo the result is true.

    If you use ===the result would be false.

    online example

    • 13