|
WebApp Sec
mailing list archives
Re: PHP variable sanitization functions
From: Cameron Green <c.green () uq edu au>
Date: Wed, 27 Aug 2003 23:46:23 +1000
But see this note from the PHP documentation regarding is_integer()
or is_int():
<http://nl3.php.net/manual/en/function.is-int.php>:
"Note: To test if a variable is a number or a numeric string (such as
form input, which is always a string), you must use is_numeric() ."
Which is why in the same file I have this function, note the comments.
/**
* Check Numeric
*
* Checks the value of passed in numeric
* As parameters are always passed as strings, we use
* the numeric type to check them
*
* @param string $numeric numeric we are checking
* @param array $extras optional - minimum and maximum for variable
* @access public
* @return bool $type ok
*/
function check_numeric($numeric, $extras='') {
if (!is_numeric($numeric)) {
$this->set_error("Type not numeric");
return FALSE;
}
// convert it to int for checking
$numeric_val = (int)$numeric;
return ($this->check_integer($numeric_val, $extras));
}
--
Cameron Green
cam () uq edu au
mb : 0414 972 726
wk : 33654012
"Fascism should more appropriately be called Corporatism because it is a merger
of State and corporate power." - Benito Mussolini (1883-1945)
 By Date 
By Thread
Current thread:
Re: PHP variable sanitization functions hokkaido (Aug 26)
|
Intro
