'-var_dump(md5(223704217))-'

When you run md5('223704217'), it produces the hash: 0e975992735744729366628065014585.

If a developer uses a "loose comparison" (==) to check this hash against another "magic hash" or the literal integer 0, PHP will "juggle" the types and see both as 0.

Why This is Dangerous

Use hash_equals() for comparing hashes, as it is also resistant to timing attacks.
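The loose comparison described above next to the hash_equals() form, as an added example that is not part of the original page. The function names, the second "0e" string and the audit helper are assumptions made for illustration; the first digest is the value the page gives.

```php
<?php
declare(strict_types=1);

// Digest the page gives for md5('223704217'), kept as a string literal.
$stored = '0e975992735744729366628065014585';
// Constructed sample: a different 32-character string, also "0e" + digits.
$supplied = '0e000000000000000000000000000001';
// Well-known md5 of the empty string, used as an ordinary-looking digest.
$ordinary = 'd41d8cd98f00b204e9800998ecf8427e';

// Vulnerable: both operands are numeric strings, so == converts each one to
// a float in scientific notation (0 times a power of ten) and compares zeros.
function looseMatch(string $known, string $user): bool
{
    return $known == $user;
}

// Hardened: hash_equals() compares the strings byte for byte, with no type
// conversion, and its run time does not depend on where they first differ.
function safeMatch(string $known, string $user): bool
{
    return hash_equals($known, $user);
}

// Audit helper (hypothetical name): flags stored digests that PHP would read
// as the number zero if any code path still compares them with ==.
function looksLikeZeroExponent(string $digest): bool
{
    return preg_match('/^0+e[0-9]+$/i', $digest) === 1;
}

foreach ([$stored, $supplied, $ordinary] as $digest) {
    printf("%s  zero-exponent shape: %s\n",
        $digest, var_export(looksLikeZeroExponent($digest), true));
}

printf("stored == supplied         : %s\n", var_export(looseMatch($stored, $supplied), true));
printf("stored == 0 (integer)      : %s\n", var_export($stored == 0, true));
printf("stored === supplied        : %s\n", var_export($stored === $supplied, true));
printf("hash_equals(stored, supp.) : %s\n", var_export(safeMatch($stored, $supplied), true));
```

Running looksLikeZeroExponent() over a column of stored digests shows which records are exposed while any == comparison remains in the code base.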