followup... for the short term, i'm going to rip apart a few of the open source web apps that have received funding, to get a feel for what/how these apps have decided to handle their security issues... the assumption/hope is that these guys have put $$$ into doing a serious security audit on the code that they've created... thanks -burce -----Original Message----- From: Robert Cummings [mailto:robert@xxxxxxxxxxxxx] Sent: Wednesday, September 21, 2005 4:44 PM To: Chris Shiflett Cc: Mikey; 'PHP Mailing Lists' Subject: Re: security/sql issues with php On Wed, 2005-09-21 at 19:21, Chris Shiflett wrote: > Mikey wrote: > > I have found that adding 0 and then running is_int() usually works. > > You mean always works. :-) Casting something to an integer and then > checking to see if it's an integer doesn't tell you anything useful: > > <?php > > $int = 'this is not an int'; > $int += 0; > > if (is_int($int)) > { > echo '$int is an integer'; > } > > ?> > > You're always going to see "$int is an integer" on the screen, even when > $int is clearly not. As I mentioned, ctype_digit() fits the bill nicely: Not if it's a float. <?php $int = '2.333'; $int += 0; if (is_int($int)) { echo '$int is an integer'; } else { echo '$int is probably a float :)'; } ?> Cheers, Rob. -- .------------------------------------------------------------. | InterJinn Application Framework - http://www.interjinn.com | :------------------------------------------------------------: | An application and templating framework for PHP. Boasting | | a powerful, scalable system for accessing system services | | such as forms, properties, sessions, and caches. InterJinn | | also provides an extremely flexible architecture for | | creating re-usable components quickly and easily. | `------------------------------------------------------------' -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
