Introduction to is_numeric
bool is_numeric ( mixed $var )
is_numeric — Finds whether a variable is a number or a numeric string
(PHP 4, PHP 5, PHP 7)
<?php
$tests = array(
    "42",
    1337,
    0x539,
    02471,
    0b10100111001,
    1337e0,
    "not numeric",
    array(),
    9.1,
    null
);
foreach ($tests as $element) {
    if (is_numeric($element)) {
        echo var_export($element, true) . " is numeric", PHP_EOL;
    } else {
        echo var_export($element, true) . " is NOT numeric", PHP_EOL;
    }
}
?>
Output:
'42' is numeric
1337 is numeric
1337 is numeric
1337 is numeric
1337 is numeric
1337 is numeric
'not numeric' is NOT numeric
array () is NOT numeric
9.0999999999999996447286321199499070644378662109375 is numeric
NULL is NOT numeric
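Parameters passed in via GET or POST are stored as strings.
is_numeric() accepts ordinary numeric strings and scientific-notation strings, and partially supports hexadecimal 0x strings.
A cast to int, by contrast, does not correctly convert hexadecimal strings or (some) scientific-notation strings.
CTF challenge 1: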
<?php
/**
 * Created by PhpStorm.
 * User: attacker2001
 * Date: 2018/12/13
 * Time: 16:47
 */
show_source(__FILE__);
$flag = "flag{gyuiuoopoJJIONONUUG1k090f8h9u9}";
if(isset($_GET['time'])){
    if(!is_numeric($_GET['time'])){
        echo 'The time must be number.';
    }else if($_GET['time'] < 60 * 60 * 24 * 30 * 2){
        echo 'This time is too short.';
    }else if($_GET['time'] > 60 * 60 * 24 * 30 * 3){
        echo 'This time is too long.';
    }else{
        sleep((int)$_GET['time']);
        echo $flag;
    }
    echo '<hr>';
}
60 * 60 * 24 * 30 * 2
Out[2]: 5184000
60 * 60 * 24 * 30 * 3
Out[3]: 7776000
hex(5184000), hex(7776000)
Out[4]: ('0x4f1a00', '0x76a700')
- Solution 1: scientific notation
http://localhost/CTF/PHP/is_numberic.php?time=5.276e6
- Solution 2: hexadecimal notation
http://localhost/CTF/PHP/is_numberic.php?time=0x76a200
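
Both solutions work because is_numeric() and the range comparison see one value while the (int) cast passed to sleep() sees another. The following is an added example, not part of the original challenge: a hardened check that validates and converts in a single step. It assumes the parameter is meant to be a plain decimal number of seconds and that PHP 7.1 or later is used; parse_seconds() and the sample inputs are hypothetical.

```php
<?php
// Added example: hardened variant of the challenge's check (not the original code).
// Assumption: the parameter is a plain decimal count of seconds.

const MIN_SECONDS = 60 * 60 * 24 * 30 * 2; // 5184000
const MAX_SECONDS = 60 * 60 * 24 * 30 * 3; // 7776000

/**
 * Hypothetical helper: parse a request parameter as a decimal integer within
 * [$min, $max] (inclusive). Returns the integer, or null for anything else.
 */
function parse_seconds($raw, int $min, int $max): ?int
{
    // Arrays (?time[]=1) and missing values are rejected up front.
    if (!is_string($raw)) {
        return null;
    }
    // FILTER_VALIDATE_INT accepts only an optionally signed decimal integer;
    // exponent and 0x forms fail because FILTER_FLAG_ALLOW_HEX is not set.
    $value = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => $min, 'max_range' => $max],
    ]);
    return $value === false ? null : $value;
}

// Constructed sample inputs: the two payloads from the write-up plus controls.
$samples = ['5.276e6', '0x76a200', '6000000', '5184000', '7776001', ['1']];

foreach ($samples as $raw) {
    $seconds = parse_seconds($raw, MIN_SECONDS, MAX_SECONDS);
    // The integer that passed validation is the same one that would later be
    // used (for example by sleep()), so the check and the use cannot disagree.
    printf("%-12s => %s\n", json_encode($raw), json_encode($seconds));
}
```

PHP 7.0 stopped treating hexadecimal strings as numeric, and PHP 7.1 made the (int) cast honour exponents in numeric strings, so the two payloads above depend on the older behaviour.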