What potential pitfalls are present in the PHP code provided for a basic calculator function?

The potential pitfalls in the provided PHP code for a basic calculator function include not handling division by zero and not sanitizing user input, which can lead to security vulnerabilities such as SQL injection. To solve these issues, we can add a check for division by zero and use the `filter_var` function to sanitize user input.

function calculate($num1, $num2, $operator) {
    if ($operator == &#039;/&#039; &amp;&amp; $num2 == 0) {
        return &quot;Error: Division by zero&quot;;
    }

    $num1 = filter_var($num1, FILTER_SANITIZE_NUMBER_FLOAT);
    $num2 = filter_var($num2, FILTER_SANITIZE_NUMBER_FLOAT);

    switch ($operator) {
        case &#039;+&#039;:
            return $num1 + $num2;
        case &#039;-&#039;:
            return $num1 - $num2;
        case &#039;*&#039;:
            return $num1 * $num2;
        case &#039;/&#039;:
            return $num1 / $num2;
        default:
            return &quot;Invalid operator&quot;;
    }
}

// Example usage
echo calculate(10, 0, &#039;/&#039;);

Keywords

syntax error division by zero security vulnerability input validation floating point precision

What potential pitfalls are present in the PHP code provided for a basic calculator function?

Keywords

Related Questions