Only problem with intval() is that it returns 0 (a valid value) on failure, so we need to check for 0 first. Adding more secure checks would make this more than just a one-liner, e.g.:

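$_CLEAN['x'] = false;
// is_numeric() keeps non-numeric input such as "abc" from passing as 0
if (isset($_POST['x']) && is_numeric($_POST['x'])) {
   if (0 == 1*$_POST['x']) {
      $_CLEAN['x'] = 0;
   } else {
      $x = intval($_POST['x']);
      // accept only when the integer equals the numeric value (5.00 yes, 1.5 no)
      if ($x > 0 && $x == 1*$_POST['x']) {
         $_CLEAN['x'] = $x;
      }
   }
}

Reducing to a two-liner, if you *really* want:

$x = intval(@$_POST['x']);
$_CLEAN['x'] = ((isset($_POST['x']) && is_numeric($_POST['x'])) ? ((0 == 1*$_POST['x']) ? 0 : (($x > 0 && $x == 1*$_POST['x']) ? $x : false)) : false);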

(all untested)

That *should* return false unless all your conditions are set, in which case it will return your cardinal number (non-negative integer).

Disclaimer: Currently operating on caffeine deficit; it's possible I'm answering a question no one asked.

        steve


At 3:41 PM +0100 12/1/05, Jochem Maas wrote:
Ray Hauge wrote:
Richard Lynch wrote:

On Wed, November 30, 2005 5:10 pm, Chris Lott wrote:

What is the shortest possible check to ensure that a field coming from
a form as a text type input is either a positive integer or 0, but
that also accepts/converts 1.0 or 5.00 as input?


$_CLEAN['x'] = intval(@$_POST['x']);

the '@' suppresses a notice if 'x' is not set and intval() will
force whatever is in $_POST['x'] to become an integer - knowing exactly
what it does depends on knowing how type-casting works in php.
OK so that doesn't exactly constitute a 'check' but it sure as hell
stops any idiot from giving the rest of your script anything but an
accepted value (the unsigned integer)

[I'd be very happy to get criticism from a security-man like mr. Chris
Shiflett regarding the relative 'badness' of the 'approach' I suggested
above - i.e. how much does it suck as a strategy?]

here is a quick test regarding casting (run it yourself ;-):

var_dump(
        intval( "123" ),
        intval( 123.50 ),
        intval( "123.50" ),
        intval( "123abc" ),
        intval( "abc" ),
        intval( "0" ),
        intval( false ),
        intval( null )
);



This might be good enough:

if (isset($_POST['x'])){
 // anchored (^ ... $ with D) so the whole value must match, not just a substring
 if (!preg_match('/^[0-9]+(\\.0*)?$/D', $_POST['x'])){
   //invalid
 }
 else{
   $_CLEAN['x'] = (int) $_POST['x'];
 }
}


You could also replace:

if (!preg_match('/^[0-9]+(\\.0*)?$/D', $_POST['x']))

with:


if(!is_numeric($_POST['x']) || $_POST['x'] < 0)

This would ensure that your value only contains numbers, and that it is greater than zero. Then when you put it into the $_CLEAN array, you can type-cast it as an int (as in the other script) and that would convert any doubles to an integer value. If you wanted you could also round, ceil, or floor the value.



--
+--------------- my people are the people of the dessert, ---------------+
| Steve Edberg                                http://pgfsun.ucdavis.edu/ |
| UC Davis Genome Center                            [EMAIL PROTECTED] |
| Bioinformatics programming/database/sysadmin             (530)754-9127 |
+---------------- said t e lawrence, picking up his fork ----------------+

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
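
Added example, not part of the original thread: a strict check for the question asked above (0 or a positive integer, also accepting 1.0 or 5.00), printed next to what intval() alone returns for the same input. cleanCardinal() is a hypothetical helper name and the sample inputs are constructed.

```php
<?php
/**
 * Return the cardinal number (int >= 0) that $raw represents, or false.
 * Accepts "0", "42", "1.0", "5.00"; rejects everything else.
 * Hypothetical helper, not code from the thread.
 */
function cleanCardinal($raw)
{
    // Form fields can arrive as arrays (x[]=1); only strings are candidates.
    if (!is_string($raw)) {
        return false;
    }
    // \A ... \z anchor the whole value, so "123abc" and "7\n" do not match.
    // An optional fraction is allowed only if it consists of zeros.
    if (!preg_match('/\A([0-9]+)(?:\.0+)?\z/', $raw, $m)) {
        return false;
    }
    // Drop leading zeros so "007" is read as 7; a run of zeros is 0.
    $digits = ltrim($m[1], '0');
    if ($digits === '') {
        return 0;
    }
    // FILTER_VALIDATE_INT returns false on overflow, where intval()
    // would silently clamp to PHP_INT_MAX.
    return filter_var($digits, FILTER_VALIDATE_INT,
                      array('options' => array('min_range' => 0)));
}

// Constructed sample inputs, valid and invalid.
$samples = array('0', '42', '1.0', '5.00', '007', '1.5', '123abc', 'abc',
                 '-1', '', ' 7', "7\n", '99999999999999999999', array('1'));

foreach ($samples as $s) {
    $label = is_array($s) ? 'array' : var_export($s, true);
    printf("%-24s intval=%-20s cleanCardinal=%s\n",
           $label,
           var_export(intval($s), true),
           var_export(cleanCardinal($s), true));
}
```

A result of false has to be tested with === false, since 0 is a valid return value.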