Quoting Jesse Becker <[EMAIL PROTECTED]>: > On Feb 13, 2008 11:46 AM, <[EMAIL PROTECTED]> wrote: >> Quoting Jesse Becker <[EMAIL PROTECTED]>:
>> Won't the INT, FLOAT, and NUMBER checks in valid_parameter() always be >> true? (float)$value would always be a float. > > Hmm...true. I was thinking of the case where where you have something like: > > $float_var="cow"; > is_float($float_var); > > What is the floating point representation of a bovine? LOL. > I'll need to go back and check on type casting. I was trying to avoid > using regexes for generic validation tests, but looks like that might > be the way to go. All the is_* functions check for a variable's type. Everything in $_GET is a string to start with, so mostly these functions don't work for this kind of validation. (is_numeric() being an exception.) This is the nice thing about the ctype_* functions. In addition to being faster, they're designed to work with strings. You can do something like this : if( (string)(float)$value === $value ) { $valid = True; } If $value was a legitimate float to begin with, it will be unchanged by the cast, and the condition will be true. If $value contained non-float'ing bovine-ish stuff, then it'll be mangled by the cast and no longer match $value. I have no idea how that is performance-wise, but I'm guessing it's pretty cheap. I agree that simply answering the question "is this value in an expected format", and making no attempt to santize/modify the value or substitute defaults for bad values, is the most bullet-proof way to go. But, it does mean that we will sometimes have input which makes rendering the page impossible. (Maybe I access graph.php with no arguments at all?) In that case, it should probably be sanitize.php's job to kill execution, possibly with some error message. Thoughts? alex ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Ganglia-developers mailing list Ganglia-developers@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ganglia-developers