If weak type checking is used, such as with the == operator, vulnerabilities can occur due to the often peculiar ways that PHP converts types. These include 1.14352 being converted to 1, strings converting to 1, “1is this true” converts to true, and so on. This is because according to the manual:

By default, PHP will coerce values of the wrong type into the expected scalar type if possible.

Use strict type checking to ensure that when comparing two items that they are of the same type. And in PHP 7.1, use declare (strict_types=1); .

Read more: