php - String comparison using '==' or '===' vs. 'strcmp()'
467
It seems that PHP's === operator is case sensitive. So is there a reason to use strcmp()?

Is it safe to do something like the following?

if ($password === $password2) { ... }
Answer
Solution:
The reason to use it is because === only returns true or false, it doesn't tell you which is the "greater" string.
Answer
Solution:
You should never use == for string comparison. === is OK. Just run the above code and you'll see why.
Now, that's a little better.
Answer
Solution:
Don't use == in PHP. It will not do what you expect. Even if you are comparing strings to strings, PHP will implicitly cast them to floats and do a numerical comparison if they appear numerical. For example

'1e3' == '1000'

returns true. You should use === instead.
Answer
Solution:
Well... according to this PHP bug report, you can even get 0wned.
It gives you a warning, but still bypasses the comparison. You should be doing === as @postfuturist suggested.
Answer
Solution:
Always remember, when comparing strings, you should use the === operator (strict comparison) and not the == operator (loose comparison).
Answer
Solution:
== is a bad idea for string comparisons. It will give you "surprising" results in many cases. Don't trust it.
=== is fine, and will give you the best performance.
strcmp() should be used if you need to determine which string is "greater", typically for sorting operations.
Answer
Solution:
Using == might be dangerous. Note that it will cast the variable to another data type if the two differ.
Examples:
echo (1 == '1') ? 'true' : 'false';
echo (1 == true) ? 'true' : 'false';
As you can see, these two are from different types, but the result is true, which might not be what your code will expect. Using ===, however, is recommended, as a test shows that it's a bit faster than strcmp() and its case-insensitive alternative strcasecmp(). Quick googling yields this speed comparison: http://snipplr.com/view/758/
Answer
Solution:
strcmp() and === are both case sensitive, but === is much faster. Sample code: Speed Test: strcmp vs ===
Answer
Solution:
strcmp will return different values based on the environment it is running in (Linux/Windows)!
The reason is that it has a bug, as the bug report says - Bug #53999: strcmp() doesn't always return -1, 0, or 1
Answer
Solution:
You can use strcmp() if you wish to order/compare strings lexicographically. If you just wish to check for equality then == is just fine.
Answer
Solution:
Also, the function can help in sorting. To be more clear about sorting: strcmp() returns less than 0 if string1 sorts before string2, greater than 0 if string2 sorts before string1, or 0 if they are the same. For example
The function will return greater than zero, as aaao sorts before aabo.
Answer
Solution:
if ($password === $password2) { ... }
is not a safe thing to do when comparing passwords or password hashes where one of the inputs is user controlled. In that case it creates a timing oracle allowing an attacker to derive the actual password hash from execution time differences.
Use
if (hash_equals($password, $password2)) { ... }
instead, because hash_equals performs "timing attack safe string comparison".
Answer
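The following is an added example, not code from the question or any of the answers above. It puts the two points made in this thread side by side on constructed inputs: loose == treats numeric-looking strings as numbers, strict === does not, and a hash_equals() wrapper gives an equality check that is both strict and constant-time. The helper name secretsMatch() is hypothetical and the script assumes PHP 8 (for the mixed type and hash_equals() throwing a TypeError on non-strings).

```php
<?php
// Added example, not code from the original question or answers. It contrasts
// loose (==), strict (===) and timing-safe (hash_equals) comparison on
// constructed inputs; secretsMatch() is a hypothetical helper name.
declare(strict_types=1);

/**
 * Compare a server-side secret (session token, HMAC, stored hash) with a value
 * taken from the request in constant time. hash_equals() needs two strings
 * and on PHP 8 throws a TypeError otherwise, so reject non-strings first
 * rather than letting a crafted parameter (e.g. an array) raise an error.
 * Note: hash_equals() returns false immediately when the lengths differ, so
 * it does not hide the secret's length; that is fine for fixed-length secrets.
 */
function secretsMatch(string $known, mixed $supplied): bool
{
    if (!is_string($supplied)) {
        return false;
    }
    // Known value first, user-controlled value second, as the PHP manual asks.
    return hash_equals($known, $supplied);
}

// Constructed pairs: the first two look different but are both numeric
// strings, which == compares as numbers; the third pair is genuinely identical.
$pairs = [
    ['1e3', '1000'],
    ['0',   '0.0'],
    ['abc', 'abc'],
];

foreach ($pairs as [$a, $b]) {
    printf(
        "%-7s vs %-7s  ==: %-5s  ===: %-5s  secretsMatch: %s\n",
        var_export($a, true),
        var_export($b, true),
        var_export($a == $b, true),
        var_export($a === $b, true),
        var_export(secretsMatch($a, $b), true)
    );
}

// A non-string request value never matches and never raises a TypeError.
var_dump(secretsMatch('abc', ['abc']));
```

For stored password hashes specifically, password_verify() already does a timing-safe check against the hash, so hash_equals() is the tool for tokens, MACs and other fixed-length secrets you compare yourself.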
Solution:
In PHP, instead of using alphabetical sorting, use the ASCII value of the character to make the comparison.
Lowercase letters have a higher ASCII value than capitals. It's better to use the identity operator === to make this sort of comparison. strcmp() is a function to perform binary safe string comparisons. It takes two strings as arguments and returns < 0 if str1 is less than str2; > 0 if str1 is greater than str2, and 0 if they are equal. There is also a case-insensitive version named strcasecmp() that first converts strings to lowercase and then compares them.