
Common PHP Weak‑Type Vulnerabilities: MD5 Collision, is_numeric, in_array, switch, and intval Issues

This article explains several PHP weak-type pitfalls: MD5 hashes that compare equal under loose comparison, inconsistent handling of hexadecimal input by is_numeric, unexpected matches in in_array and switch, and intval casting quirks. Each can lead to security problems such as authentication bypass through "colliding" hashes, SQL injection, and logic errors.

Laravel Tech Community

Because PHP is a weakly typed language, many built-in functions and operators perform implicit conversions when comparing values of different types, and those conversion and comparison quirks can become security vulnerabilities.

1. MD5 Comparison Vulnerability

When comparing hash strings with ==, PHP treats a string of the form "0e" followed only by digits as a number in scientific notation, which evaluates to zero; consequently, two different passwords whose MD5 hashes both start with "0e" compare as equal. This is what is commonly called the PHP MD5 collision, although the digests themselves differ and only their loose comparison is equal.

```php
<?php
// The two input strings were cut from the extracted article; the well-known
// pair below is assumed here because both of their MD5 digests start with "0e".
$str1 = 'QNKCDZO';
$str2 = '240610708';

echo json_encode([
    'md5_str1' => md5($str1),
    'md5_str2' => md5($str2),
    'bool'     => md5($str1) == md5($str2)
]);
?>
```

The output shows both hashes beginning with 0e and the comparison evaluating to true, meaning an attacker could exploit any stored hash with a 0e prefix by supplying a different password whose hash also begins with 0e.
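The following is an added example, not code from the original article, placing the loose comparison shown above beside the strict forms that close the hole. The two input strings are the same well-known "0e" pair assumed above; the rest is constructed for illustration.

```php
<?php
// Added example (not from the original article). The strings are a well-known
// pair whose MD5 digests both begin with "0e"; they are assumed, not the
// article's original values.
$str1 = 'QNKCDZO';
$str2 = '240610708';

$h1 = md5($str1);
$h2 = md5($str2);

// Loose comparison: both digests parse as 0 * 10^N, so PHP compares 0 == 0
// and reports the two different digests as equal. This is the vulnerability.
function looseHashMatch(string $a, string $b): bool
{
    return $a == $b;
}

// Strict comparison keeps both operands as strings, so different digests are
// different values. hash_equals() is strict and also constant-time, which is
// the right choice for any secret comparison.
function safeHashMatch(string $a, string $b): bool
{
    return hash_equals($a, $b);
}

var_dump(looseHashMatch($h1, $h2)); // reports equal although $h1 !== $h2
var_dump(safeHashMatch($h1, $h2));  // reports not equal

// Fixing the operator does not fix the algorithm: store passwords with
// password_hash() and check them with password_verify() instead of MD5.
$stored = password_hash($str1, PASSWORD_DEFAULT);
var_dump(password_verify($str1, $stored)); // the original password verifies
var_dump(password_verify($str2, $stored)); // the "colliding" one does not
```

Two things are worth separating when reviewing code like this: the comparison operator (== versus === or hash_equals) and the hash function itself. Replacing == with hash_equals removes the 0e problem; replacing md5 with password_hash removes the reason an attacker would search for such inputs in the first place.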

2. is_numeric Vulnerability

PHP's is_numeric function handles hexadecimal notation (e.g., 0x) inconsistently: a hexadecimal integer literal passes, while a hexadecimal string does not, and older PHP versions accepted hexadecimal strings as numeric. A check that relies on is_numeric alone can therefore be abused to smuggle disguised input past a "numeric only" filter and facilitate SQL injection.

```php
<?php
echo json_encode([
    is_numeric(233333),
    is_numeric('233333'),
    is_numeric(0x233333),
    is_numeric('0x233333'),
    is_numeric('233333abc'),
]);
```

The result is [true, true, true, false, false]. For example, the hexadecimal 0x61646D696E corresponds to the string "admin", and MySQL interprets such a hexadecimal literal as a string, so a query like SELECT * FROM tp_user WHERE username=0x61646D696E would retrieve the admin record.
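As an added example (not part of the original article), the block below contrasts the is_numeric results listed above with a strict integer validator, and shows the validated value being bound as a parameter rather than concatenated into SQL. The table name tp_user comes from the article; the validateId() and findUser() helpers, the id column, and the PDO connection are assumptions for illustration.

```php
<?php
// Added example (not from the original article). Helper names, the id column
// and the PDO connection are assumed; tp_user is the article's table name.

// Accepts only a canonical base-10 integer >= 1 and returns it as an int;
// anything else (hex, exponent notation, trailing text, negatives) is null.
function validateId(string $input): ?int
{
    $id = filter_var($input, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Constructed inputs: the article's values plus exponent and negative forms.
$inputs = ['233333', '0x233333', '0x61646D696E', '233333abc', '1e3', '-5'];
foreach ($inputs as $in) {
    // is_numeric accepts '1e3' and '-5'; validateId accepts only '233333'.
    printf("%-14s is_numeric=%-5s validateId=%s\n",
        $in,
        is_numeric($in) ? 'true' : 'false',
        var_export(validateId($in), true));
}

// Even a validated integer is bound as a parameter, never interpolated, so
// the database can never reinterpret the value as a hex or string literal.
function findUser(PDO $pdo, string $rawId): ?array
{
    $id = validateId($rawId);
    if ($id === null) {
        return null; // reject instead of passing the raw value to MySQL
    }
    $stmt = $pdo->prepare('SELECT * FROM tp_user WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}
```

The point of validateId is that "numeric" is a weaker property than "an integer in the form the application expects": is_numeric accepts exponent notation and signs, and its treatment of hexadecimal strings depends on the PHP version, whereas FILTER_VALIDATE_INT accepts one canonical representation. Binding the parameter makes the query safe regardless of what validation was run beforehand.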

3. in_array Vulnerability

in_array compares with == by default, so when an element is an integer the needle string is converted to a number first: a string with leading digits is truncated to them, and a non-numeric string becomes zero, leading to unexpected matches.

The dump returns bool(true), demonstrating the flaw.

4. switch Vulnerability

Similar to in_array, switch compares the switch expression to each case value with ==, so when the case values are integers a string like "abc" is converted to 0 before comparison.

The output is "i是比3小的数" (that is, "i is a number smaller than 3").
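The block below is an added example, not the article's own code, covering both the in_array case in section 3 and the switch case in section 4 since they share one cause: loose (==) comparison between a string and an integer. The values, function names and messages are constructed. The matching behaviour described in the article is that of PHP 7.x; PHP 8.0 changed non-numeric string versus integer comparison so that "abc" == 0 is false there, but leading-numeric strings such as "1abc" are still converted, so the strict forms remain the safe choice on every version.

```php
<?php
// Added example (not from the original article). Inputs and names are
// constructed; PHP 7.x behaviour is described in the comments.

$allowed = [0, 1, 2];

// Default in_array uses ==, so on PHP 7 "abc" is converted to 0 and matches.
function looseMembership(string $needle, array $haystack): bool
{
    return in_array($needle, $haystack);
}

// The third argument enables === : type and value must both match, so a
// string needle never matches an integer element.
function strictMembership(string $needle, array $haystack): bool
{
    return in_array($needle, $haystack, true);
}

var_dump(looseMembership('abc', $allowed));  // true on PHP 7, false on PHP 8
var_dump(strictMembership('abc', $allowed)); // false on every version

// switch also compares with ==, so "abc" lands in case 0 on PHP 7.
function classifyLoose($i): string
{
    switch ($i) {
        case 0:
        case 1:
        case 2:
            return 'i is a number smaller than 3';
        default:
            return 'i is 3 or more';
    }
}

// Validate first, then switch on a real integer, so no implicit conversion
// is left for switch to perform.
function classifyStrict($i): string
{
    if (!is_int($i) && !(is_string($i) && ctype_digit($i))) {
        return 'rejected: not an integer';
    }
    switch ((int) $i) {
        case 0:
        case 1:
        case 2:
            return 'i is a number smaller than 3';
        default:
            return 'i is 3 or more';
    }
}

var_dump(classifyLoose('abc'));  // "smaller than 3" on PHP 7
var_dump(classifyStrict('abc')); // rejected
var_dump(classifyStrict('2'));   // smaller than 3, via an explicit cast
```

When reviewing code that uses in_array as an allow-list, check that the third argument is true; when reviewing a switch over user input, check that the input was cast or validated to the type of the case labels before it reaches the switch.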

5. intval Casting Vulnerability

The intval function casts strings to integers by reading leading digits and stopping at the first character that cannot continue a number, returning 0 when no numeric prefix is present; this can produce misleading results when the full string was expected to be a number.
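As an added example (not from the original article), the block below runs intval over constructed inputs that show where parsing stops, and contrasts it with a strict parser that accepts only a whole canonical integer. The helper names and inputs are assumptions for illustration.

```php
<?php
// Added example (not from the original article). Inputs are constructed to
// show each intval() behaviour; helper names are assumed.

// Returns [input, intval(input)] pairs. intval() skips leading whitespace,
// reads an optional sign and digits, stops at the first character that cannot
// continue the number (so '42abc' and '4 2' both yield 42 and 4), yields 0 when
// nothing numeric leads ('abc', '0x1A' in base 10), and on PHP 7.1+ honours
// exponent notation ('1e3' yields 1000).
function intvalTable(array $inputs): array
{
    $rows = [];
    foreach ($inputs as $in) {
        $rows[] = [$in, intval($in)];
    }
    return $rows;
}

// Strict alternative: the whole string must be a canonical base-10 integer
// (no leading zeros, whitespace, sign on zero, hex or exponent notation).
function strictInt(string $in): ?int
{
    if (preg_match('/^(0|-?[1-9][0-9]*)$/', $in) !== 1) {
        return null;
    }
    return (int) $in;
}

$inputs = ['42', '42abc', 'abc', ' 42', '4 2', '0x1A', '1e3', '007', '-0'];
foreach (intvalTable($inputs) as [$in, $v]) {
    printf("%-8s intval=%-6d strictInt=%s\n",
        "'$in'", $v, var_export(strictInt($in), true));
}

// Passing a base changes the answer: base 16, and base 0 (auto-detect),
// both accept the 0x prefix that base 10 silently discards.
printf("intval('0x1A', 16) = %d\n", intval('0x1A', 16));
printf("intval('0x1A', 0)  = %d\n", intval('0x1A', 0));
```

The practical rule is that intval is a conversion, not a validation: it never reports that input was malformed. When the code path needs to know that the input was an integer (an id, a quantity, an offset), validate the whole string first and convert only what passes.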

These examples illustrate how implicit casting can affect program logic.
