Perl provides two sets of comparison operators: one set for working with numbers and one set for working with strings.
Numbers | Strings |
|---|---|
== | eq |
!= | ne |
< | lt |
<= | le |
> | gt |
>= | ge |
<=> | cmp |
Do not use the number comparison operators on nonnumeric strings. Likewise, do not use the string comparison operators on numbers.
...
```perl
my $num = 2;
print "Enter a number\n";
my $user_num = <STDIN>;
chomp $user_num;
# Both operands are numbers, so compare them with the numeric operator ==.
if ($num == $user_num) {print "true\n"} else {print "false\n"};
```
...
The == operator first converts its arguments into numbers by extracting digits from the front of each argument (along with a preceding + or -). Nonnumeric data in an argument is ignored, and the number consists of whatever digits were extracted. A string such as "goodpass" has no leading digits, so it is converted to the numeral 0. Consequently, unless either $password or $correct contains leading digits, they will both be converted to 0 and will be considered equivalent.
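The following added example (not code from the original page) runs both mismatches side by side and shows two checks that catch them. $correct and $password follow the names used in the text; the sample values and the same_number helper are constructed for illustration.

```perl
use strict;
use warnings;
use Scalar::Util qw(looks_like_number);

my $correct = "goodpass";    # constructed sample value

# Mismatched operator: == numifies both strings before comparing.
sub check_numeric {
    my ($password) = @_;
    no warnings 'numeric';   # silenced here only to show the raw result
    return $password == $correct ? 1 : 0;
}

# Matching operator: eq compares the strings themselves.
sub check_string {
    my ($password) = @_;
    return $password eq $correct ? 1 : 0;
}

# Every guess without leading digits becomes 0 and "matches" under ==.
for my $guess ("goodpass", "badpass", "", "7pass") {
    printf "%-10s ==: %d  eq: %d\n", "'$guess'",
        check_numeric($guess), check_string($guess);
}

# The reverse mistake: eq on numbers rejects equal values spelled differently.
my $num = 2;
for my $user_num ("2", "2.0", "+2", "02") {
    printf "%-6s eq: %d  ==: %d\n", "'$user_num'",
        ($num eq $user_num ? 1 : 0), ($num == $user_num ? 1 : 0);
}

# Check: validate input before using a numeric operator on it (hypothetical helper).
sub same_number {
    my ($x, $y) = @_;
    die "nonnumeric operand\n"
        unless looks_like_number($x) && looks_like_number($y);
    return $x == $y ? 1 : 0;
}
print "same_number(2, '2.0'): ", same_number(2, "2.0"), "\n";

# Check: make the 'numeric' warning fatal so a mismatched == dies at run time.
my $guess = "badpass";
my $ok = eval {
    use warnings FATAL => 'numeric';
    my $result = ($guess == $correct);
    1;
};
print "caught: $@" unless $ok;
```

With warnings enabled and not silenced, Perl reports a nonnumeric operand to == as an "isn't numeric" warning, which is why the last check can promote it to a fatal error.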
...
Confusing the string comparison operators with numeric comparison operators can lead to incorrect program behavior or incorrect program data.
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
EXP35-PL | Low | Likely | Low | P9 | L2 |
Automated Detection
Tool | Diagnostic |
|---|---|
Perl::Critic | ValuesAndExpressions::ProhibitMismatchedOperators |
DoubledPrefix |