On 12 May 2015 01:56:52 BST, Yasuo Ohgaki <yohg...@ohgaki.net> wrote: >To resolve this issue, how about to have > >- is_digits() and digits type for digits only inputs(integer like >string) > - is_numeric() and numeric type for float like string
Firstly, these functions already exist; the first is called ctype_digit and works as described, the second has quite a broad definition but is basically the same as you're suggesting. Secondly, this doesn't solve the problem you are claiming to have, namely validating values which are safe for external uses, because these checks are far too loose. For instance, valid input for a 64-bit signed integer in a database could include: - any PHP native integer (assuming nobody builds with 128-bit ints!) - any string consisting of all digits, such that when interpreted as an integer the value won't exceed 2^64-1 - any string consisting of a '-' followed by digits, such that the magnitude of the integer interpretation wouldn't exceed 2^64 - any PHP float with no fractional part, maybe capped to a magnitude less than 2^53 for safety For an unsigned integer, there's one less string case, and extra checks to the float and int cases to exclude negative values. This is full data validation, not type checks, and belongs in ext/filter or similar as a suite of filters for different foreign types. One approach to implement it would be to perform basic pattern validation with is_numeric or a simple regex, promote to a GMP object, and then range check based on the required type. A "numeric type" would actually just be a piece of metadata attached to the variable saying that this function had been run, since the underlying representation would be unchanged. A bit like Perl's "taint tracking", but much more complicated. Regards, -- Rowan Collins [IMSoP] -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
