WebApp Sec mailing list archives
Re: PHP variable sanitization functions
From: Cameron Green <c.green () uq edu au>
Date: Wed, 27 Aug 2003 11:07:40 +1000
Quoting Jan Pieter Kunst <jpk () akamail com>:
> Something like this (warning! untested code!) might be useful:
>
>     function sane_integer($val, $min, $max) {
>         if (!preg_match('/^-?[0-9]+$/', $val))
>             return false;
>         if (($val < $min) or ($val > $max))
>             return false;
>         return true;
>     }
>
> Maybe this one would be faster? As it doesn't use the regular
> expression engine.
>
>     function sane_integer($val, $min, $max) {
>         if (!is_numeric($val))
>             return false;
>         if (($val < $min) or ($val > $max))
>             return false;
>         return true;
>     }
>
> JP
I have written a class called Type which does this sort of thing... it's meant as a common handler for Type Checking, which I also use in conjunction with a class to handle Parameters.

    /**
     * Check Integer Value
     *
     * Checks the value of passed in integer
     *
     * @param int $integer integer we are checking
     * @param array $extras optional - minimum and maximum for variable
     * @access public
     * @return bool $type ok
     */
    function check_integer($integer, $extras='') {
        if (!is_integer($integer)) {
            $this->set_error("Type not integer");
            return FALSE;
        }
        if (is_array($extras)) {
            if (isset($extras['minimum']) && is_integer($extras['minimum'])
                && ($integer < $extras['minimum'])) {
                $this->set_error('Less than minimum');
                return FALSE;
            }
            if (isset($extras['maximum']) && is_integer($extras['maximum'])
                && ($integer > $extras['maximum'])) {
                $this->set_error('Greater than maximum');
                return FALSE;
            }
        }
        return TRUE;
    }

The whole class is in this package I have started working on which intends to be an application base for my PHP apps (I've cut session and permission handling out of this one)

http://www.camerongreen.org/code/application_base.tar.gz

--
Cameron Green
cam () uq edu au
mb : 0414 972 726
wk : 33654012

"Fascism should more appropriately be called Corporatism because it is a merger of State and corporate power." - Benito Mussolini (1883-1945)
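An added example (not part of the thread or of the application_base package) that runs the three kinds of check discussed above against constructed inputs shaped like request parameters, which PHP delivers as strings, next to a stricter parser that returns the integer itself. The function names and sample values are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread; function names are hypothetical.

// Regex version from the quoted text. '$' also matches before a final "\n".
function sane_integer_regex($val, $min, $max) {
    if (!preg_match('/^-?[0-9]+$/', $val)) return false;
    return !(($val < $min) || ($val > $max));
}

// is_numeric() version from the quoted text: also accepts "5.5" and "1e2".
function sane_integer_numeric($val, $min, $max) {
    if (!is_numeric($val)) return false;
    return !(($val < $min) || ($val > $max));
}

// is_integer() tests the PHP type, as check_integer() does, so the
// string "42" fails until the caller has cast it.
function sane_integer_type($val, $min, $max) {
    return is_integer($val) && $val >= $min && $val <= $max;
}

// Stricter parser: \A and \z anchor the whole string, the digit cap keeps
// the cast inside a 32-bit int, and the caller gets the int back (or null).
function parse_integer($val, $min, $max) {
    if (!is_string($val) || !preg_match('/\A-?[0-9]{1,9}\z/', $val)) return null;
    $n = (int) $val;
    return ($n >= $min && $n <= $max) ? $n : null;
}

// Constructed inputs; request parameters arrive as strings, the last is a real int.
$samples = array('42', '-7', '101', '5.5', '1e2', ' 42', "42\n", '', 42);
foreach ($samples as $s) {
    printf("%-8s regex=%d numeric=%d type=%d strict=%s\n",
        json_encode($s),
        sane_integer_regex($s, 0, 100),
        sane_integer_numeric($s, 0, 100),
        sane_integer_type($s, 0, 100),
        json_encode(parse_integer($s, 0, 100)));
}
```

Using the returned integer downstream, rather than the original string, keeps a value that passed the check from being reinterpreted later.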