Re: "Does it _really_ matter if only a number is passed? "
I would think so, since if someone is trying to pass a string that is
not proper, it should be treated as such and not as if they are just
taking the first set of numbers and throwing away all the rest.

Maybe I am overthinking this or I am being paranoid....

I am trying to make this work well and hope to design it to be
secure since this is my first PHP endeavor....

Thanks
G


On Mon, 11 Oct 2004 14:02:08 -0400, John Holmes
<[EMAIL PROTECTED]> wrote:
> GH wrote:
> 
> > How can I convert it to an integer as long as it is only a number in the string?
> 
> Does it _really_ matter if only a number is passed? If someone passes
> "abcd" and it's converted to an integer, it'll be zero. Then your query
> will not return any rows (which you're already testing for, anyhow,
> right?) and be handled accordingly. Who cares if they pass "104abcd"?
> It'll just be converted to 104 and see if a matching record exists.
> 
> I think you're getting caught up in too many tests. If you're expecting
> an integer, MAKE it an integer, then run your query. 99.9% of your
> values are going to come through correct if they are coming from your
> program, right? Just silently ignore the rest because it's someone
> screwing around.
> 
> If, however, you _really_ want to ensure $_GET['api'] is _only_ numbers,
> then you can use
> 
> if(!isset($_GET['api']) || preg_match('/[^0-9]/',$_GET['api']))
> { echo 'API is not all numbers'; }
> 
> or
> 
> if(isset($_GET['api']) && preg_match('/^[0-9]+$/',$_GET['api']))
> { echo 'API is a number only'; }
> 
> 
> 
> --
> 
> ---John Holmes...
> 
> Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/
> 
> php|architect: The Magazine for PHP Professionals - www.phparch.com
> 
>

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
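
The two approaches discussed in this thread, side by side, as an added example that is not part of either post. The helper names `parse_id_lenient()` and `parse_id_strict()` are hypothetical, the sample inputs are constructed, and PHP 7.1 or later is assumed.

```php
<?php
// Added example: lenient cast vs. strict validation of an ID parameter.
// parse_id_lenient() and parse_id_strict() are hypothetical helper names.

/** Cast approach from the thread: trailing junk is dropped, non-numbers become 0. */
function parse_id_lenient($raw): int
{
    // A non-empty array (?api[]=1) would cast to 1, so map non-strings to 0.
    return is_string($raw) ? (int) $raw : 0;
}

/** Strict approach: accept only ASCII digits, otherwise return null. */
function parse_id_strict($raw): ?int
{
    if (!is_string($raw)) {
        return null;                 // missing key, or an array from ?api[]=...
    }
    // \A and \z anchor to the true start and end of the string;
    // '$' without the D modifier would also accept "104\n".
    if (preg_match('/\A[0-9]{1,9}\z/', $raw) !== 1) {
        return null;
    }
    return (int) $raw;               // at most 9 digits, fits in any PHP int
}

// Constructed sample inputs standing in for $_GET['api'].
$samples = ['104', '104abcd', 'abcd', "104\n", '', ' 104', ['1'], null, '00104'];

foreach ($samples as $raw) {
    $strict = parse_id_strict($raw);
    printf(
        "%-12s lenient=%-4d strict=%s\n",
        json_encode($raw),
        parse_id_lenient($raw),
        $strict === null ? 'rejected' : (string) $strict
    );
}
```

Either helper yields a value that is safe to use as an integer in the query; the strict one additionally lets the caller distinguish a malformed request from a well-formed ID that matches no record.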
