-1

I am trying to do a input check and to seeif the string contains " or '. I have the stringcheck method that looks like this 

public static function stringcheck($search, $string)
{
    $position = strpos($string, $search);
    if ($position == true)
    {
        return true;
    }
    else{
      return false;
    }
}

And this is how i am trying to check it 

if(H::stringcheck($search8, $string) === true ||  $string[0] === """)
{
   $value++;
}

And the $search8 look like $search8 = htmlspecialchars('"');. I should also mention that the $string is already sanitized.

Qirel
  • 25,449
  • 7
  • 45
  • 62
Axwell Vail
  • 65
  • 6

1 Answers1

3

strpos returns the position of the match, which will be 0 if the match is at the beginning. But 0 is not == true.

I guess you are trying to work around that by extra checking $string[0] === """ which won't work, as I commented above: $string[0] is a single character, but " is 6 characters long.

Joe
  • 877
  • 1
  • 11
  • 26
  • I said that my `$string` is already sanitized, – Axwell Vail Feb 26 '19 at 07:02
  • @AxwellVail You seem to not understand the answer. Nobody is stating or asking anything about sanitation. – Qirel Feb 26 '19 at 07:04
  • Please read the [manual](http://php.net/manual/en/function.strpos.php#refsect1-function.strpos-returnvalues). It explicitly states why this answer stands correct. To test if something is in a string you'd simply do `return strpos($haystack, $needle) !== false;` – DarkBee Feb 26 '19 at 07:10