Quoting Jesse Becker <[EMAIL PROTECTED]>:
> On Feb 13, 2008 11:46 AM, <[EMAIL PROTECTED]> wrote:
>> Quoting Jesse Becker <[EMAIL PROTECTED]>:
>> Won't the INT, FLOAT, and NUMBER checks in valid_parameter() always be
>> true? (float)$value would always be a float.
>
> Hmm...true. I was thinking of the case where where you have something like:
>
> $float_var="cow";
> is_float($float_var);
>
> What is the floating point representation of a bovine?
LOL.
> I'll need to go back and check on type casting. I was trying to avoid
> using regexes for generic validation tests, but looks like that might
> be the way to go.
All the is_* functions check for a variable's type. Everything in
$_GET is a string to start with, so mostly these functions don't work
for this kind of validation. (is_numeric() being an exception.) This
is the nice thing about the ctype_* functions. In addition to being
faster, they're designed to work with strings.
You can do something like this :
if( (string)(float)$value === $value ) {
$valid = True;
}
If $value was a legitimate float to begin with, it will be unchanged
by the cast, and the condition will be true. If $value contained
non-float'ing bovine-ish stuff, then it'll be mangled by the cast and
no longer match $value. I have no idea how that is performance-wise,
but I'm guessing it's pretty cheap.
I agree that simply answering the question "is this value in an
expected format", and making no attempt to santize/modify the value or
substitute defaults for bad values, is the most bullet-proof way to
go. But, it does mean that we will sometimes have input which makes
rendering the page impossible. (Maybe I access graph.php with no
arguments at all?)
In that case, it should probably be sanitize.php's job to kill
execution, possibly with some error message. Thoughts?
alex
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Ganglia-developers mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/ganglia-developers
