Tuesday, September 16, 2014

Four Pitfalls of PHP's Comparison Operators: When to Use == Versus ===

Tips for choosing between '==' (equals or loose comparison) and '===' (identical) operators in php.



Equals or == for loose comparisons.
Identical or === for exact matches. 





When choosing the correct operator you want to use in PHP you will want to consider whether you want PHP to try different ways to match your data or if a more strict or exact match is needed.  If your data is from a secure location or already validated you may not need the strict identical === operator, but if your data is from an outside source (HTTP GET/POST or user entered) you may want to be more precise depending on the situation.  Below are some example cases to keep in mind, starting with a look at the equals == operator.





0. If you don't have time for the entire article, please at least look at this code:

$input = 0;
if ($input == "any string") {
    print("Matches.");
} else {
    print("No match.");
}



The code above outputs "Matches.", which is probably not what you want or expected (see loose evaluation item #2).  This comparison should either make sure $input is casted to a string (i.e. string($input)) or use the '===' operator. 











1. Zero, false, empty strings, empty arrays, null are 'loosely' equal in PHP





Below are some base cases to keep in mind.  The equals operator uses type juggling, and 0 can become false or an empty string.






Comparisons to Zero
0 == ""                => True
"0" == false           => True
"0" == 0               => True
0 == false             => True



2. Watch out for string comparisons to 0 in PHP







Perhaps the strangest one is that any string with an equals comparison to 0 (as an integer) is True.  If you always are expecting to compare both sides with a string, you should strongly consider using the identical operator '==='.  Perhaps the strangest one is that any string with an equals comparison to 0.



String Comparisons 



"str" == 0             => True  (This one is definitely weird) 



"str" == 1             => False 



"str" == "0"           => False 



"strA" == "strB"       => False




3. Type juggling converts strings to numbers and vice-versa





When using the equals operator, the strings are converted to a numeric value when the string comparison match fails.



Numeric Comparisons
3 == 4                 => False
"3" == 3.0             => True
1 == "1"               => True







4. Blank strings are 'loosely' evaluated null

















This example shows that you need to be careful if there is a potential for blank strings to be passed along as data.  Also, you may have expected that the string zero "0" would loosely evaluate to null since "0" loosely evaluated to false, but that is not the case.















Null Usage
"" == null             => True
1 == null              => False
null == null           => True
null == 0              => True
null == "0"            => False


null == false          => True











The Identical Operator removes the loose evaluations











The identical operator is great whenever you expect both sides of the comparison to have the same type and it will help keep you out of trouble.  In this case, it helps remove the guesswork from the comparison and your output is more likely to match what you expect.


 


Comparisons to Zero
0 === ""               => False
"0" === false          => False
"0" === 0              => False
0 === false            => False

String Comparisons
"str" === 0            => False
"str" === 1            => False
"str" === "0"          => False
"strA" === "strB"      => False

Numeric Comparisons
3 === 4                => False
"3" === 3.0            => False
1 === "1"              => False

Null Usage
"" === null            => False
1 === null             => False
null === null          => True
null === 0             => False
null === "0"           => False






null === false         => False





The Code





The PHP documentation for the comparison operators can be found here, and the chart that displays what the value of the comparisons should be is here.



Here is the sample code that generated the tests above:


 








Echo "Comparisons to Zero<br />";
eval_string('0 == ""');
eval_string('"0" == false');
eval_string('"0" == 0');
eval_string('0 == false');
echo "<br />String Comparisons<br />";
eval_string('"str" == 0');
eval_string('"str" == 1');
eval_string('"str" == "0"');
eval_string('"strA" == "strB"');
echo "<br />Numeric Comparisons<br />";
eval_string('3 == 4');
eval_string('"3" == 3.0');
eval_string('1 == "1"');
echo "<br />Null Usage<br />";
eval_string('"" == null');
eval_string('1 == null');
eval_string('null == null');
eval_string('null == 0');
eval_string('null == "0"');


eval_string('null == false');

echo ("<br />Now Check as the === operator which removes type juggling:<br />");
Echo "Comparisons to Zero<br />";
eval_string('0 === ""');
eval_string('"0" === false');
eval_string('"0" === 0');
eval_string('0 === false');
echo "<br />String Comparisons<br />";
eval_string('"str" === 0');
eval_string('"str" === 1');
eval_string('"str" === "0"');
eval_string('"strA" === "strB"');
echo "<br />Numeric Comparisons<br />";
eval_string('3 === 4');
eval_string('"3" === 3.0');
eval_string('1 === "1"');
echo "<br />Null Usage<br />";
eval_string('"" === null');
eval_string('1 === null');
eval_string('null === null');
eval_string('null === 0');
eval_string('null === "0"');



eval_string('null === false');


function eval_string($str) {
  $disp_str = str_pad($str,20," ");
  echo "$disp_str \t\t=> ".get_boolean_output(eval("return {$str};"))."<br />";
}

function get_boolean_output($val) {
    if ($val == false)
        return "False";
    else 
        return "True";
}













Posted by



at






















Labels:


















No comments:















Post a Comment
























        

      









Subscribe to:
Post Comments (Atom)