Hacker News new | ask | show | jobs
by tyingq 1670 days ago
My personal favorite PHP wtf is this one:

  if (md5('240610708') == md5('QNKCDZO')) {
    echo "true\n";
  }
Though I do use php, and love many things about it.
2 comments
cyberbanjo 1670 days ago
Do you know why that is?

  php > echo md5('240610708');
  0e462097431906509019562988736854

  php > echo md5('QNKCDZO');
  0e830400451993494058024219903391
link
dangson 1670 days ago
Here is the explanation: https://www.php.net/manual/en/function.md5.php#123392
link
wildrhythms 1670 days ago
Would this be avoided by using a string comparison function?

https://www.php.net/manual/en/function.strcmp.php

link
trog 1668 days ago
Yes, or you can use ===, which will check the type as well. I am trying to get in the habit of using === everywhere now.
link
cyberbanjo 1670 days ago
Yes.

  php > echo strcmp(md5('240610708'), md5('QNKCDZO'));
  -4
link
foldor 1670 days ago
Having been out of PHP for several years now, I assume that needs a === instead of ==? It's unfortunate that we have the need for a ===, but it's no different that JS in that regard.
link
tyingq 1670 days ago
The underlying issue is that while md5() thinks it is returning a hex number, if the hex number starts with 0e, php thinks it's 0^<whatever>.
link