2

In my case should I use != as below, or is !== more appropriate, what is the difference.

private function authenticateApi($ip,$sentKey) {

    $mediaServerIp = '62.80.198.226';
    $mediaServerKey = '45d6ft7y8u8rf';        

    if ($ip != $mediaServerIp ) {
        return false
    }
    elseif ($sentKey != $mediaServerKey ) {
        return false
    }
    else {
        return true;
    }
}

public function setVideoDeletedAction(Request $request)
{
    //Authenticate sender
    if ( $this->authenticateApi($request->server->get("REMOTE_ADDR"),$request->headers->get('keyFile')) != true ) {
       new response("Din IP [$ip] eller nyckel [********] är inte godkänd för denna åtgärd.");
    }
Matt Welander
  • 7,437
  • 20
  • 84
  • 129
  • 1
    Loose equality is a security hole for you: http://codepad.org/0j4T3iCl. – Blender Dec 20 '13 at 17:56
  • @Blender You are so wrong, couldn't you at least test the code for yourself? the linked page is stupid – Alireza Fallah Dec 20 '13 at 18:06
  • So since I have full control over the return value (from authenticateApi() ) it is not a security hole for me there? but might be a problem inside the authenticateApi() since I pull in values from the request-object? – Matt Welander Dec 20 '13 at 18:11
  • 1
    @MattiasSvensson: My point is that loose inequality does more than check strings for equality (for example, `"0000002" == "2"`), which is not something you want. – Blender Dec 20 '13 at 18:16

4 Answers4

2

!= checks value

if($a != 'true')

!== checks value and type both

if($a !== 'true')
Adil Abbasi
  • 2,857
  • 1
  • 35
  • 32
1

http://www.php.net/manual/en/language.operators.comparison.php

As the manual says, one compares type as well.

Jessica
  • 7,019
  • 26
  • 38
0

!== is more strict. '1'==1 returns true, but '1'===1 - false, because of different types.

BaBL86
  • 2,502
  • 1
  • 11
  • 13
0

=== and !== are used to compare objects that might be of different type. === will return TRUE iff the types AND values are equal; !== will return TRUE if the types OR values differ. It is sometimes known as the 'congruency' operator.

If you are comparing two things that you know will always be the same type, use !=.

Here's an example of using !==. Suppose you have a function that will return either an integer or the value FALSE in the event of a failure. 0 == FALSE, but 0 !== FALSE because they are different types. So you can test for FALSE and know an error happened, but test for 0 and know you got a zero but no error.

Brian A. Henning
  • 1,302
  • 8
  • 21