Re: Lost in PHP (part 1) ---- Sequle to Lost in Query


 



As far as checking to see if it's a number, note that you can get the following

"10" = string that contains 10
10  = integer that contains 10.

You can verify that a variable contains numbers or numeric data by using

if (is_numeric($variable))
{
    // $variable is either a number variable or a string containing only numeric data
}


HTH
-Minuk

----- Original Message ----- From: "GH" <GaryHotko@xxxxxxxxx>
To: "John Holmes" <holmes072000@xxxxxxxxxxx>
Cc: "GH" <garyhotko@xxxxxxxxx>; "PHP General" <php-general@xxxxxxxxxxxxx>
Sent: Tuesday, October 12, 2004 12:00 AM
Subject: Re: Lost in PHP (part 1) ---- Sequle to Lost in Query



Re: "Does it _really_ matter if only a number is passed?" I would think so, since if someone is trying to pass a string that is not proper, it should be treated as such, rather than just taking the first set of numbers and throwing away all the rest.

Maybe I am over thinking this or I am being paranoid....

I am trying to make this work well and hope to design it to be
secure since this is my first PHP endeavor....

Thanks
G


On Mon, 11 Oct 2004 14:02:08 -0400, John Holmes <holmes072000@xxxxxxxxxxx> wrote:
GH wrote:

> How can I convert it to an integer as long as it is only a number in the string?

Does it _really_ matter if only a number is passed? If someone passes
"abcd" and it's converted to an integer, it'll be zero. Then your query
will not return any rows (which you're already testing for, anyhow,
right?) and be handled accordingly. Who cares if they pass "104abcd"?
It'll just be converted to 104 and see if a matching record exists.

I think you're getting caught up in too many tests. If you're expecting
an integer, MAKE it an integer, then run your query. 99.9% of your
values are going to come through correct if they are coming from your
program, right? Just silently ignore the rest because it's someone
screwing around.

If, however, you _really_ want to ensure $_GET['api'] is _only_ numbers,
then you can use

if(!isset($_GET['api']) || preg_match('/[^0-9]/',$_GET['api']))
{ echo 'API is not all numbers'; }

or

if(isset($_GET['api']) && preg_match('/^[0-9]+$/',$_GET['api']))
{ echo 'API is a number only'; }



--

---John Holmes...

Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/

php|architect: The Magazine for PHP Professionals - www.phparch.com



-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
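
The checks discussed in this thread (integer cast, is_numeric(), and the two preg_match() tests) can be compared side by side. The script below is an added example, not code from any of the posters; parse_id(), compare_checks(), the 9-digit limit and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. parse_id() and the sample
// inputs are constructed for illustration.

// Strict parse: ASCII digits only, anchored with \A and \z so a trailing
// newline is not accepted, and bounded so the value fits a 32-bit int.
// Returns the integer, or null when the input should be rejected.
function parse_id($raw, int $maxDigits = 9): ?int
{
    if (!is_string($raw)) {   // ?api[]=1 arrives as an array, not a string
        return null;
    }
    if (preg_match('/\A[0-9]{1,' . $maxDigits . '}\z/', $raw) !== 1) {
        return null;
    }
    return (int) $raw;
}

// Run every check from the thread on one value; each cell says whether
// that check would let the value through.
function compare_checks($raw): array
{
    $isStr = is_string($raw);
    $mark  = fn(bool $ok): string => $ok ? 'accept' : 'reject';
    return [
        'input'      => json_encode($raw),
        '(int)'      => $isStr ? (string) (int) $raw : 'n/a',
        'is_numeric' => $mark(is_numeric($raw)),
        '/[^0-9]/'   => $mark($isStr && !preg_match('/[^0-9]/', $raw)),
        '/^[0-9]+$/' => $mark($isStr && preg_match('/^[0-9]+$/', $raw) === 1),
        'parse_id'   => var_export(parse_id($raw), true),
    ];
}

// Constructed inputs, as they might arrive in $_GET['api'].
$samples = ['104', '104abcd', 'abcd', '', ' 10', "10\n", '1e3', '-5', ['1']];

$format = "%-10s %-6s %-11s %-9s %-11s %s\n";
vprintf($format, array_keys(compare_checks('')));
foreach ($samples as $raw) {
    vprintf($format, array_values(compare_checks($raw)));
}
```

Rows worth reading closely are the empty string, which contains no non-digit and so passes the negated-class test, and "10\n", which passes the `$`-anchored pattern because `$` also matches before a final newline.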
