PHP Type Juggling

PHP's loose comparison operator (==) automatically converts its operands to a matching type before comparing them.

Boolean via JSON
  • Send raw boolean values true or false instead of a string.

  • Ensure Content-Type is application/json.

Payloads

{"password": true}
{"admin": true}
{"verified": true}

Array Injection

Convert a POST string parameter into an array to bypass logic checks.

  • Functions like strcmp(), md5(), or sha1() expect strings.

  • If passed an array, they return NULL or throw an error. In a loose comparison (==), the NULL result often evaluates as true (for example, NULL == 0), bypassing authentication.
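
The two behaviours above, shown from the defender's side as an added example (not code from the original page): a loose check and a strcmp() check next to a hardened, type-strict check, run over constructed JSON bodies. The constant EXPECTED, the function names and the sample bodies are assumptions made for the demonstration.

```php
<?php
// Constructed secret, for the demonstration only.
const EXPECTED = 'tr0ub4dor&3';

// Loose check: with ==, boolean true matches any non-empty string.
function loose_check($supplied): bool
{
    return $supplied == EXPECTED;
}

// strcmp() check: an array argument makes strcmp() return NULL on PHP 7
// (NULL == 0 is true) and throw a TypeError on PHP 8.
function strcmp_check($supplied): bool
{
    try {
        return @strcmp($supplied, EXPECTED) == 0;
    } catch (TypeError $e) {
        return false; // PHP 8: fails closed only because the error is caught
    }
}

// Hardened check: reject anything that is not a string, then compare
// with hash_equals(), which is type-strict and constant-time.
function strict_check($supplied): bool
{
    return is_string($supplied) && hash_equals(EXPECTED, $supplied);
}

// Constructed JSON bodies, decoded as an application/json endpoint would.
$bodies = [
    '{"password": "wrong"}',
    '{"password": true}',
    '{"password": ["x"]}',
    '{"password": "tr0ub4dor&3"}',
];

foreach ($bodies as $raw) {
    $pw = json_decode($raw, true)['password'];
    printf(
        "%-30s loose=%-5s strcmp=%-5s strict=%s\n",
        $raw,
        var_export(loose_check($pw), true),
        var_export(strcmp_check($pw), true),
        var_export(strict_check($pw), true)
    );
}
```

For real password storage, compare against a hash with password_verify() rather than a plaintext constant; the is_string() guard still belongs in front of it.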