Broad Network


Security Risks and Prevention Explained for PHP Control Structures

PHP Cheat Sheet and Prevention Explained - Part 3

Foreword: In this part of the series, I explain security risks in PHP control structures, and how to prevent them.

By: Chrysanthus Date Published: 29 Jan 2019

Introduction

This is part 3 of my series, PHP Cheat Sheet and Prevention Explained. In this part of the series, I explain security risks in PHP control structures, and how to prevent them.

Risks are weaknesses, in PHP itself or in your own code, that you may overlook and that attackers (hackers) would take advantage of.

Complete Syntax for if-Statement
The complete syntax for the if-statement is:

if (condition)
    {
        statements
    }
elseif (condition)
    {
        statements
    }
elseif (condition)
    {
        statements
    }

            -  -  -

else
    {
        statements
    }

The else part is the default condition. The default condition is optional.

An example of the if-statement is:

<?php

    $hisVar = 100;

    if ($hisVar == 10)
        {
            echo 'Value is small';
        }
    elseif ($hisVar == 100)
        {
            echo 'Value is medium';
        }
    elseif ($hisVar == 1000)
        {
            echo 'Value is large';
        }
    else
        {
            echo '$hisVar is very large';
        }

?>

The output is:

    Value is medium

The switch Statement
The switch statement is an alternative to the if-elseif statement. Sometimes, the switch statement is faster than the if-elseif statement. The above code is repeated with the switch statement as follows:

<?php

    $hisVar = 100;

    switch($hisVar)
        {

        case 10:
            {
                echo 'Value is small', '<br>';
            }
        case 100:
            {
                echo 'Value is medium', '<br>';
            }
        case 1000:
            {
                echo 'Value is large', '<br>';
            }
        default:
            {
                echo '$hisVar is very large', '<br>';
            }
        }

?>

The output is,

    Value is medium
    Value is large
    $hisVar is very large

instead of just,

    Value is medium

(see the solution below).

Note the use and positions of the reserved words, switch and case, which are case-insensitive. Note the use and positions of the colons (:). Also note that the optional 'else' has been replaced by the optional 'default'. The curly brackets that delimit the case blocks are optional.

The switch statement works with scalars and the NULL type in its conditions. It should not be used with arrays, objects and resources (in conditions). With strings, the values for the case statements have to be in quotes.

Switch with the continue Statement
The if-elseif structure executes only one block, where the condition is true. However, the switch structure in PHP executes the block where the condition is true and the rest of the blocks below that. If you do not want a series of blocks below the one where the condition is true to be executed, use the continue statement, as in the following code. (Inside a switch, PHP treats continue exactly like break; since PHP 7.3 it also issues a warning saying so, which is why break is the statement to prefer, as in the security section further down.) Try it:

<?php

    $hisVar = 100;

    switch($hisVar)
        {

        case 10:
            {
                echo 'Value is small', '<br>';
            }
        case 100:
            {
                echo 'Value is medium', '<br>';
            }
        case 1000:
            {
                echo 'Value is large', '<br>';
                continue;
            }
        default:
            {
                echo '$hisVar is very large', '<br>';
            }
        }

?>

The output is:

    Value is medium
    Value is large

If the switch structure is nested in a loop, give continue a positive integer argument (for example, continue 2) to name the enclosing loop to jump to; that skips to the next iteration of that loop rather than only leaving the switch.

Switch Structure Security Consideration
The if-elseif structure executes only one block, where the condition is true. However, the switch structure in PHP executes the block where the condition is true and then falls through into every block below it until a break is met. This is a weakness. The switch structure should execute only the one block where the condition is true. To solve this problem, use the break statement in every block. Try the following code that illustrates this:

<?php

    $hisVar = 100;

    switch($hisVar)
        {

        case 10:
            {
                echo 'Value is small', '<br>';
                break;
            }
        case 100:
            {
                echo 'Value is medium', '<br>';
                break;
            }
        case 1000:
            {
                echo 'Value is large', '<br>';
                break;
            }
        default:
            {
                echo '$hisVar is very large', '<br>';
            }
        }

?>

The output is:

    Value is medium

as required.

Always use the break statement at the end of each block of your switch structure.

With the switch structure, the comparison of the condition with each case value is loose. Loose comparison is when you use == and !=. Strict comparison is when you use === and !==. To avoid this problem, use the switch structure only when strict comparison does not matter (i.e. when only the values matter and the types do not); when the type matters, use if-elseif with === instead.
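The following code is an added example, not from the original article, showing why the loose comparison inside switch matters when the value being switched on comes from outside the program (request parameters always arrive as strings). The function names, and the $level and $raw values, are constructed for the demonstration.

```php
<?php
// Added example (not from the original article). classifyWithSwitch() and
// classifyStrict() are hypothetical helpers; the input values are constructed.

function classifyWithSwitch($level)
{
    // switch compares with ==, so a numeric string is matched by value.
    switch ($level) {
        case 10:
            return 'small';
        case 100:
            return 'medium';
        case 1000:
            return 'large';
        default:
            return 'unknown';
    }
}

function classifyStrict($level)
{
    // === requires the value to be an integer AND equal to the case value.
    if ($level === 10) {
        return 'small';
    } elseif ($level === 100) {
        return 'medium';
    } elseif ($level === 1000) {
        return 'large';
    } else {
        return 'unknown';
    }
}

// Strings a client could send instead of the integer 100. '1e2' is a numeric
// string with the value 100, and a leading space does not stop a string from
// being numeric, so both are loosely equal to 100.
foreach (['100', '1e2', ' 100', 'abc'] as $sent) {
    echo json_encode($sent), ' switch: ', classifyWithSwitch($sent),
         ' strict: ', classifyStrict($sent), "\n";
}

// When an integer is what you expect, validate and convert first, then the
// strict comparison can be used safely.
$raw = '100';                                        // constructed request value
$level = ctype_digit($raw) ? (int) $raw : null;      // only plain decimal digits accepted
echo 'validated: ', classifyStrict($level), "\n";
```

Run with the PHP command-line interpreter. The switch column reports 'medium' for '100', '1e2' and ' 100' alike, because each is loosely equal to the integer 100, while the strict column reports 'unknown' for every string; only the validated and converted value reaches the 'medium' branch of classifyStrict().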

Type Related Functions

The gettype() Function
The syntax for the gettype() function is:

    string gettype ($var)

It returns the type of the variable. Possible returned strings are:

'boolean'  
'integer'  
'double' (for historical reasons 'double' is returned in case of a float, and not simply 'float')  
'string'  
'array'  
'object'  
'resource'  
'NULL'  
'unknown type'

Try the following code:

<?php

    $var = 25;

    $ret = gettype($var);

    echo $ret;

?>

The output is:

integer

The empty() Function
First of all, let us know the meaning of empty. The following things are considered empty:

- '' (an empty string)
- 0 (0 as an integer)
- 0.0 (0 as a float)
- '0' (0 as a string)
- NULL
- FALSE
- array() (an empty array)
- var $var; (a variable declared, but without a value in a class)

Any other value is not empty.

The syntax for the empty() function is:

    bool empty($var)

The function returns true if the variable is empty, and false otherwise. Try the following code:

<?php

    $var = '';

    $ret = empty($var);

    echo $ret;

?>

On my computer, true is displayed as 1 and false is not displayed. The output is:

1

The is_null() Function
The syntax for this function is:

    bool is_null($var)

The function returns true if the variable is NULL and false otherwise. Try the following code:

<?php

    $var = NULL;

    $ret = is_null($var);

    echo $ret;

?>

The output is,

1

The isset() Function
The syntax for the isset() function is:

    bool isset($var)

The function returns true if $var exists and has a value other than NULL, and false otherwise.

Try the following code:

<?php

    $var = 'text';

    $ret = isset($var);

    echo $ret;

?>

The output is:

1

The if($x) Condition
The if-statement will be executed if its condition is equivalent to true and will not be executed if its condition is equivalent to false. The following values are equivalent to false in a condition:

- the boolean FALSE itself  
- the integer 0 (zero)  
- the float 0.0 (zero)  
- the empty string, and the string '0'  
- an array with zero elements  
- an object with zero member variables (PHP 4 only)  
- the special type NULL (including unset variables)  
- SimpleXML objects created from empty tags

Any other value including -1 is equivalent to true inside a condition.

Comparisons of $x with above PHP functions
The following table gives the different possible return values for the variable, $x.

Loose Comparison
Loose comparison is when you use == or !=, which compares only values and not value and type. The following table gives the different possible resulting values for the pair of operands.



Strict Comparison
Strict comparison is when you use === or !==, which compares values as well as types. The following table gives the different possible resulting values for the pair of operands.



Loose and Strict Security Considerations
When both the value and the type matter, use strict comparison (=== or !==). Use loose comparison only when the type genuinely does not matter.
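The following code is an added example, not from the original article. It runs the cheat-sheet values above through empty(), is_null(), isset() and an if-condition, and then shows a field check that gets the empty() edge case right: the string '0' is a legitimate submission, but empty('0') is true. The describe() and quantityFromRequest() functions are hypothetical helpers, and $input stands in for a request array such as $_POST with constructed values.

```php
<?php
// Added example (not from the original article). describe() and
// quantityFromRequest() are hypothetical helpers; $input is constructed data.

function describe($value)
{
    // One line per value: how each test in the cheat sheet judges it.
    return sprintf(
        "%-8s isset=%d empty=%d is_null=%d truthy=%d",
        json_encode($value),
        isset($value), empty($value), is_null($value), $value ? 1 : 0
    );
}

foreach (['', '0', 0, 0.0, null, false, [], 'text', -1] as $v) {
    echo describe($v), "\n";
}

// Reads a quantity field. isset() tells presence apart from NULL, the string
// check rejects arrays (quantity[]=1), and ctype_digit() accepts only plain
// decimal digits, so '0' is accepted while '1e1' or '-5' are not.
function quantityFromRequest(array $input, string $field)
{
    if (!isset($input[$field])) {                   // absent or NULL
        return null;
    }
    $raw = $input[$field];
    if (!is_string($raw) || !ctype_digit($raw)) {   // not a plain digit string
        return null;
    }
    return (int) $raw;                              // an integer, safe for === checks
}

$input = ['quantity' => '0', 'discount' => '1e1'];  // constructed request data

var_dump(quantityFromRequest($input, 'quantity'));
var_dump(quantityFromRequest($input, 'discount'));
var_dump(quantityFromRequest($input, 'missing'));

// The check a naive form handler would make, and the comparison pitfall that
// strict comparison avoids: two different strings that are loosely equal.
var_dump(empty($input['quantity']));
var_dump('1e1' == '10', '1e1' === '10');
```

Run with the PHP command-line interpreter. quantityFromRequest() returns int(0) for the 'quantity' field and NULL for 'discount' and 'missing', whereas empty($input['quantity']) is true, which is exactly the wrong answer for a quantity of zero. The last line shows '1e1' == '10' is true (both are numeric strings, so they are compared as numbers) while '1e1' === '10' is false.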

That is it for this part of the series. We stop here and continue in the next part.

Chrys

