[英]PHP in_array not working
I am using the PHP in_array() function in order to authenticate (with sessions) if a user can access a particular page. 我正在使用PHP in_array()函数来验证(带有会话)用户是否可以访问特定页面。 For some reason, it is not working...
由于某种原因,它不起作用...
session_start();
require_once('../scripts/functions.php');
$role_auth = @$_SESSION['role_auth'];
access($role_auth, array(0,1,2,3,4));
function access($role_auth, $array){
if(!(in_array($role_auth, $array))){
header("Location: ../index.html");
}
}
If I insert print statements in the function, I can see that all of the correct values are being passed into the function. 如果在函数中插入打印语句,则可以看到所有正确的值都已传递到函数中。 The problem is, if the function is called without a session variable set, for some reason it is considered as being in the array, and it authenticates.
问题是,如果在未设置会话变量的情况下调用该函数,则由于某种原因,该函数将被视为在数组中并进行身份验证。
Any ideas? 有任何想法吗?
you may want to enable strict type checks by using: 您可能要使用以下方法启用严格类型检查:
in_array($role_auth, $array, true)
as what is likely happening is that $role_auth is being eval'd as false and that could match 0 in your in_array statement. 因为可能发生的情况是$ role_auth被评估为false,并且可能与in_array语句中的0匹配。
what you SHOULD be doing is this: 您应该做的是这样的:
session_start();
require_once('../scripts/functions.php');
$role_auth = (isset($_SESSION['role_auth']))?$_SESSION['role_auth']:-1;
access($role_auth, array(0,1,2,3,4));
or something similiar. 或类似的东西。 nothing good ever comes of using the @ operator
使用@运算符没有什么好处
I would check to see if $_SESSION['role_auth'] is actually set (with isset
) instead of using @ to suppress warnings (which is bad practice IMHO) 我将检查是否实际设置了$ _SESSION ['role_auth'](使用
isset
),而不是使用@来禁止警告(恕我直言,这是不好的做法)
I think what's happening is that false == 0 ... so in_array
returns true when nothing is in $role_auth because it sees it as 0 and 0 is in your array 我认为正在发生的事情是false == 0 ...因此,当$ role_auth中什么都没有时,
in_array
返回true,因为它看到它为0并且0在您的数组中
$role_auth = @$_SESSION['role_auth'];
The @ sign is suppressing any warnings you might get here, like index is not in array. @符号禁止显示任何警告,例如index不在数组中。 How about something like this instead:
像这样的事情怎么样:
if(isset($_SESSION['role_auth']))
$role_auth = $_SESSION['role_auth'];
else
$role_auth = -1;//(or whatever an invalid role is)
In php, the number zero is considered equal to most non-numeric things, for example: 在php中,数字零被认为等于大多数非数字事物,例如:
null == 0
false == 0
"" == 0
"asdf" == 0
You probably need to make sure that $_SESSION
actually contains the 'role_auth'
key beforehand and convert it to the appropriate type, also passing the $strict
parameter to in_array
, thus guaranteeing a type check as well as a value check ( ===
vs. ==
). 您可能需要确保
$_SESSION
实际上包含'role_auth'
密钥,并将其转换为适当的类型,还将$strict
参数传递给in_array
,从而保证类型检查和值检查( ===
vs 。 ==
)。 Removing zero from your array might also be a good idea. 从数组中删除零也是一个好主意。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.