Difference between revisions of "Parameter Manipulation Attacks"
From SecurePHPWiki
Latest revision as of 19:22, 11 August 2010
Because of PHP's weak typing and automatic type conversion, alternative representations of input parameters can foil validation checks (WACT).
<?php
empty( '000' ); // returns false
if ( '000' == 0 )
    print( 'true' ); // prints true
?>
A string of zeros such as '000' converts to a numeric 0 (zero) when used in a numeric context, so it compares equal to 0 under == even though empty() does not treat it as empty.
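The mismatch described above, shown as an added example that is not part of the original wiki page: a validator that relies on empty() next to one that accepts only a canonical integer string. The function names, the 1 to 1000 range, and the sample inputs are assumptions constructed for illustration, and the samples go beyond '000' to other strings that PHP also converts to zero.

```php
<?php
// Added example; names, range and sample inputs are constructed.

// Weak check: assumes empty() rejects every "zero or missing" quantity.
function weak_is_valid_quantity($raw): bool
{
    // empty() is true only for '', '0', 0, 0.0, null, false and [].
    // '000', '0.0', '0e0' and ' 0' are all non-empty, so they pass here
    // even though they become 0 once used as a number.
    return !empty($raw);
}

// Strict check: accept only a canonical decimal integer within range.
function strict_is_valid_quantity($raw): bool
{
    if (!is_string($raw)) {
        return false; // e.g. qty[]=1 arrives as an array, not a string
    }
    // No sign, whitespace, leading zeros, decimal point or exponent.
    // \z anchors at the true end of the string; $ would allow a trailing "\n".
    if (preg_match('/^[1-9][0-9]{0,3}\z/', $raw) !== 1) {
        return false;
    }
    $qty = (int) $raw;
    return $qty >= 1 && $qty <= 1000;
}

// Constructed request values, as they would arrive in $_GET['qty'].
$samples = ['5', '0', '000', '0.0', '0e0', ' 0', '', ['1']];

foreach ($samples as $raw) {
    printf(
        "%-8s weak=%-5s strict=%-5s as_int=%s\n",
        json_encode($raw),
        var_export(weak_is_valid_quantity($raw), true),
        var_export(strict_is_valid_quantity($raw), true),
        is_string($raw) ? (string) (int) $raw : 'n/a'
    );
}
?>
```

Only '5' passes the strict check; the weak check also accepts '000', '0.0', '0e0', ' 0' and the array, each of which later evaluates to 0 (or is not a string at all) in the code that consumes it.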