#40156 [Opn-Bgs]: FILTER_SANITIZE_NUMBER_FLOAT incorrect when multiple dots in value
ID:               40156
Updated by:       [EMAIL PROTECTED]
Reported By:      pmjones88 at gmail dot com
-Status:          Open
+Status:          Bogus
Bug Type:         Filter related
Operating System: Mac OS X
PHP Version:      5.2.0
-Assigned To:
+Assigned To:     pajoye

New Comment:

Use FILTER_VALIDATE_FLOAT if you like to validate a string and get a float value. Sanitizing filters only clean the string.

Previous Comments:

[2007-01-17 20:01:27] pmjones88 at gmail dot com

Description:
When using FILTER_SANITIZE_NUMBER_FLOAT with FILTER_FLAG_ALLOW_FRACTION, it seems to allow any number of decimal points, not just a single decimal point. This results in an invalid value being reported as sanitized.

Reproduce code:
---------------
<?php
$val = 'abc ... 123.45 ,.../';
$san = filter_var($val, FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION);
var_dump($san);
?>

Expected result:
float 123.45

Actual result:
--------------
string(12) ...123.45...

--
Edit this bug report at http://bugs.php.net/?id=40156edit=1

#40156 [Opn-Bgs]: FILTER_SANITIZE_NUMBER_FLOAT incorrect when multiple dots in value
ID:               40156
Updated by:       [EMAIL PROTECTED]
Reported By:      pmjones88 at gmail dot com
-Status:          Open
+Status:          Bogus
Bug Type:         Filter related
Operating System: Mac OS X
PHP Version:      5.2.0

New Comment:

No, that's what the logical filters are for.

Previous Comments:

[2007-01-17 20:23:14] pmjones88 at gmail dot com

Then it should at least fail when it realizes that the value isn't going to be useful as a float. Maybe I don't get it; a sanitized float should return as a float. Otherwise you're just stripping non-numeric characters, which is not quite the same thing.

[2007-01-17 20:12:06] [EMAIL PROTECTED]

http://php.net/filter

FILTER_SANITIZE_NUMBER_FLOAT - Remove all characters except digits, +- and optionally .,eE.

It's not supposed to validate the result.

[2007-01-17 20:11:15] [EMAIL PROTECTED]

Use FILTER_VALIDATE_FLOAT if you like to validate a string and get a float value. Sanitizing filters only clean the string.

[2007-01-17 20:01:27] pmjones88 at gmail dot com

Description:
When using FILTER_SANITIZE_NUMBER_FLOAT with FILTER_FLAG_ALLOW_FRACTION, it seems to allow any number of decimal points, not just a single decimal point. This results in an invalid value being reported as sanitized.

Reproduce code:
---------------
<?php
$val = 'abc ... 123.45 ,.../';
$san = filter_var($val, FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION);
var_dump($san);
?>

Expected result:
float 123.45

Actual result:
--------------
string(12) ...123.45...

#40156 [Opn-Bgs]: FILTER_SANITIZE_NUMBER_FLOAT incorrect when multiple dots in value
ID:               40156
Updated by:       [EMAIL PROTECTED]
Reported By:      pmjones88 at gmail dot com
-Status:          Open
+Status:          Bogus
Bug Type:         Filter related
Operating System: Mac OS X
PHP Version:      5.2.0

New Comment:

The string you're passing is obviously not a valid float... as it has all kinds of weird stuff around it. Of course it returns false (invalid data) in this case. ext/filter is not a regular expression collection... it's there to filter out unwanted characters (sanitizing filters) or to validate the contents of a string as a specific type of data.

Previous Comments:

[2007-01-17 20:33:49] pmjones88 at gmail dot com

When I try pajoye's suggestion, to use validation, it does not return a float as he says it should. Instead, it (properly) returns false.

$val = 'abc ... 123.45 ,.../';
$san = filter_var($val, FILTER_VALIDATE_FLOAT);
var_dump($san); // (bool) false

What's a guy gotta do to get a float out of that?

[2007-01-17 20:26:02] [EMAIL PROTECTED]

Again, sanitizing filter just sanitizes the input data, it does not validate it.

[2007-01-17 20:25:54] [EMAIL PROTECTED]

No, that's what the logical filters are for.

[2007-01-17 20:23:14] pmjones88 at gmail dot com

Then it should at least fail when it realizes that the value isn't going to be useful as a float. Maybe I don't get it; a sanitized float should return as a float. Otherwise you're just stripping non-numeric characters, which is not quite the same thing.

[2007-01-17 20:12:06] [EMAIL PROTECTED]

http://php.net/filter

FILTER_SANITIZE_NUMBER_FLOAT - Remove all characters except digits, +- and optionally .,eE.

It's not supposed to validate the result.

The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/40156

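
The sanitize/validate distinction drawn in the replies, as an added example that is not part of the bug report or of ext/filter: it runs the report's value and a few constructed inputs through validation alone and through sanitize-then-validate, and marks the inputs where the two disagree. The helper names are hypothetical, and PHP 7.1 or later is assumed for the nullable return types.

```php
<?php
// Added example, not code from the bug report; sample inputs are constructed.

// Validate the raw value unchanged: float on success, null on failure.
function validate_float(string $raw): ?float
{
    $f = filter_var($raw, FILTER_VALIDATE_FLOAT);
    return $f === false ? null : $f;
}

// Strip disallowed characters (as in the report), then validate the remainder.
function sanitize_then_validate(string $raw): ?float
{
    $clean = filter_var($raw, FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION);
    return validate_float((string) $clean);
}

$samples = [
    'abc ... 123.45 ,.../', // value from the report
    '123.45',               // already a well-formed float
    '1.2.3',                // several dots survive sanitizing
    '12abc.5',              // letters between the digits
    '1e3',                  // exponent; "e" is stripped without FILTER_FLAG_ALLOW_SCIENTIFIC
];

foreach ($samples as $raw) {
    $clean  = filter_var($raw, FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION);
    $strict = validate_float($raw);
    $loose  = sanitize_then_validate($raw);
    // A difference means sanitizing changed what the input "says".
    $note = ($strict !== $loose) ? '  <-- results differ' : '';
    printf(
        "%-24s sanitized=%-14s validate=%-8s sanitize+validate=%s%s\n",
        var_export($raw, true),
        var_export($clean, true),
        var_export($strict, true),
        var_export($loose, true),
        $note
    );
}
```

Where the two columns differ, the sanitizer has turned rejected input into a different number, so code that needs a trustworthy float should validate the raw value and reject on failure.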