WebApp Sec mailing list archives
Re: PHP variable sanitization functions
From: Cameron Green <c.green () uq edu au>
Date: Wed, 27 Aug 2003 23:46:23 +1000
But see this note from the PHP documentation regarding is_integer() or is_int(): <http://nl3.php.net/manual/en/function.is-int.php>: "Note: To test if a variable is a number or a numeric string (such as form input, which is always a string), you must use is_numeric()."
Which is why in the same file I have this function; note the comments.
/**
 * Check Numeric
 *
 * Checks the value of passed in numeric
 * As parameters are always passed as strings, we use
 * the numeric type to check them
 *
 * @param string $numeric numeric we are checking
 * @param array $extras optional - minimum and maximum for variable
 * @access public
 * @return bool $type ok
 */
function check_numeric($numeric, $extras='') {
    if (!is_numeric($numeric)) {
        $this->set_error("Type not numeric");
        return FALSE;
    }
    // convert it to int for checking
    $numeric_val = (int)$numeric;
    return ($this->check_integer($numeric_val, $extras));
}
--
Cameron Green
cam () uq edu au
mb : 0414 972 726
wk : 33654012
"Fascism should more appropriately be called Corporatism because it is a merger
of State and corporate power." - Benito Mussolini (1883-1945)
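
The is_int() versus is_numeric() point discussed in this message, as an added example that is not part of the original post: it prints what each check and the (int) cast do with constructed form-style inputs, next to a stricter check built on filter_var(). The helper name strict_int() and the 1..100 range are assumptions for illustration, and the code assumes PHP 7.1 or later.

```php
<?php
// Added example: the inputs below are constructed, not taken from the thread.

/**
 * strict_int() is a hypothetical helper name.
 * Returns the integer when $input is a plain base-10 integer within
 * [$min, $max]; returns null for anything else.
 */
function strict_int($input, int $min = PHP_INT_MIN, int $max = PHP_INT_MAX): ?int
{
    // A parameter such as ?id[]=1 arrives as an array, not a string.
    if (!is_string($input) && !is_int($input)) {
        return null;
    }
    // FILTER_VALIDATE_INT rejects decimals, exponents, trailing junk and
    // values that overflow an int, and enforces the range in the same call.
    $value = filter_var($input, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => $min, 'max_range' => $max],
    ]);
    return $value === false ? null : $value;
}

// Constructed request values, as they would appear in $_GET or $_POST.
$samples = ['42', '-7', '1.9', '1e3', '12abc', '', ['1']];

printf("%-8s %-7s %-11s %-6s %s\n", 'input', 'is_int', 'is_numeric', '(int)', 'strict_int(1..100)');
foreach ($samples as $s) {
    printf(
        "%-8s %-7s %-11s %-6d %s\n",
        json_encode($s),                          // printable form of the input
        var_export(is_int($s), true),             // false for every string input
        var_export(is_numeric($s), true),         // true for decimals and exponents too
        (int) $s,                                 // what a cast would pass downstream
        var_export(strict_int($s, 1, 100), true)  // NULL unless a whole number in range
    );
}
```

The '1.9' row shows the gap: it passes is_numeric(), and the cast turns it into 1 before any range check sees it.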
