WebApp Sec
mailing list archives
Re: PHP variable sanitization functions
From: Cameron Green <c.green () uq edu au>
Date: Wed, 27 Aug 2003 11:07:40 +1000
Quoting Jan Pieter Kunst <jpk () akamail com>:
Something like this (warning! untested code!) might be useful:

    function sane_integer($val, $min, $max)
    {
        if (!preg_match('/^-?[0-9]+$/', $val))
            return false;
        if (($val < $min) or ($val > $max))
            return false;
        return true;
    }

Maybe this one would be faster, as it doesn't use the regular
expression engine?

    function sane_integer($val, $min, $max)
    {
        if (!is_numeric($val))
            return false;
        if (($val < $min) or ($val > $max))
            return false;
        return true;
    }

JP
I have written a class called Type which does this sort of thing... it's meant as
a common handler for type checking, which I also use in conjunction with a class
to handle Parameters.
    class Type {
        var $error = '';

        // Minimal stand-in so the method below runs on its own; the real
        // set_error() is part of the Type class in the package linked below.
        function set_error($msg) {
            $this->error = $msg;
        }

        /**
         * Check Integer Value
         *
         * Checks the value of passed in integer
         *
         * @param int $integer integer we are checking
         * @param array $extras optional - minimum and maximum for variable
         * @access public
         * @return bool $type ok
         */
        function check_integer($integer, $extras='') {
            if (!is_integer($integer)) {
                $this->set_error("Type not integer");
                return FALSE;
            }
            if (is_array($extras)) {
                if (isset($extras['minimum']) && is_integer($extras['minimum'])
                    && ($integer < $extras['minimum'])) {
                    $this->set_error('Less than minimum');
                    return FALSE;
                }
                // the comparison operator was lost in the archived copy; it is '>'
                if (isset($extras['maximum']) && is_integer($extras['maximum'])
                    && ($integer > $extras['maximum'])) {
                    $this->set_error('Greater than maximum');
                    return FALSE;
                }
            }
            return TRUE;
        }
    }
The whole class is in this package I have started working on, which is intended to be
an application base for my PHP apps (I've cut session and permission handling
out of this one):
http://www.camerongreen.org/code/application_base.tar.gz
--
Cameron Green
cam () uq edu au
mb : 0414 972 726
wk : 33654012
"Fascism should more appropriately be called Corporatism because it is a merger
of State and corporate power." - Benito Mussolini (1883-1945)
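Added example, not code from either poster: the three checks discussed in this thread run side by side on string input, which is how $_GET and $_POST values always arrive. Function names, the filter_var() variant and the sample inputs are constructed here; it assumes PHP 5.4 or later for the short array syntax.

```php
<?php
// JP's regex variant: an optional minus sign followed by digits only.
function sane_integer_regex($val, $min, $max)
{
    if (!preg_match('/^-?[0-9]+$/', $val)) {
        return false;
    }
    return ($val >= $min) && ($val <= $max);
}

// JP's faster variant: is_numeric() also accepts floats, exponents,
// a leading '+' and leading whitespace, so "1.5", "1e1" and "+5" pass.
function sane_integer_numeric($val, $min, $max)
{
    if (!is_numeric($val)) {
        return false;
    }
    return ($val >= $min) && ($val <= $max);
}

// filter_var() variant (not in the thread): returns the parsed int or
// false and applies the range itself; "1.5", "1e1" and "007" are rejected.
function sane_integer_filter($val, $min, $max)
{
    $opts = ['options' => ['min_range' => $min, 'max_range' => $max]];
    return filter_var($val, FILTER_VALIDATE_INT, $opts) !== false;
}

// Constructed sample inputs, exactly as a query string would deliver them.
$samples = ['42', '-7', '+5', '007', '1.5', '1e1', ' 42', 'abc'];

printf("%-8s %-8s %-8s %-8s %-8s\n", 'input', 'is_int', 'regex', 'numeric', 'filter');
foreach ($samples as $s) {
    // is_integer() is the test used by check_integer() above: on a raw
    // request string it is always false, so the value has to be validated
    // and converted before that method ever sees it.
    printf("%-8s %-8s %-8s %-8s %-8s\n", var_export($s, true),
        var_export(is_integer($s), true),
        var_export(sane_integer_regex($s, -100, 100), true),
        var_export(sane_integer_numeric($s, -100, 100), true),
        var_export(sane_integer_filter($s, -100, 100), true));
}
```

The columns that disagree are the interesting ones: the regex rejects "+5" and " 42", is_numeric() accepts non-integers, and filter_var() is the only check that hands back a real int for the range comparison.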