ID: 40156
Updated by: [EMAIL PROTECTED]
Reported By: pmjones88 at gmail dot com
Status: Bogus
Bug Type: Filter related
Operating System: Mac OS X
PHP Version: 5.2.0
New Comment:
Again, a sanitizing filter just sanitizes the input data; it does not
validate it.
Previous Comments:
[2007-01-17 20:25:54] [EMAIL PROTECTED]
No, that's what the logical filters are for.
[2007-01-17 20:23:14] pmjones88 at gmail dot com
Then it should at least fail when it realizes that the value isn't
going to be useful as a float. Maybe I don't get it; a "sanitized"
float should return as a "float". Otherwise you're just stripping
non-numeric characters, which is not quite the same thing.
[2007-01-17 20:12:06] [EMAIL PROTECTED]
http://php.net/filter
FILTER_SANITIZE_NUMBER_FLOAT - Remove all characters except digits, +-
and optionally .,eE.
It's not supposed to validate the result.
[2007-01-17 20:11:15] [EMAIL PROTECTED]
Use FILTER_VALIDATE_FLOAT if you'd like to validate a string and get a
float value. Sanitizing filters only clean the string.
[2007-01-17 20:01:27] pmjones88 at gmail dot com
Description:
When using FILTER_SANITIZE_NUMBER_FLOAT with
FILTER_FLAG_ALLOW_FRACTION, it seems to allow any number of decimal
points, not just a single decimal point. This results in an invalid
value being reported as sanitized.
Reproduce code:
---
Expected result:
float 123.45
Actual result:
--
string(12) "...123.45..."
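Added example, not part of the bug report or of PHP's own code (the report's reproduce code is missing from this page): the two filters discussed in the thread, run over constructed inputs, to show that the sanitizing filter hands back a cleaned string while FILTER_VALIDATE_FLOAT either yields a float or fails. The helper names are hypothetical.

```php
<?php
// Constructed sample inputs; the first is the string shown under "Actual result".
$samples = ['...123.45...', '123.45', '1.2.3', '12abc.5'];

/**
 * Sanitize only (hypothetical helper): strips every character except digits,
 * + and -, plus "." because FILTER_FLAG_ALLOW_FRACTION is set. The result is
 * still a string and is not checked for being a well-formed number.
 */
function sanitize_float(string $raw): string
{
    return filter_var($raw, FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION);
}

/**
 * Validate only (hypothetical helper): returns a float when $raw is a
 * well-formed float, or null (via FILTER_NULL_ON_FAILURE) when it is not.
 */
function validate_float(string $raw): ?float
{
    return filter_var($raw, FILTER_VALIDATE_FLOAT, FILTER_NULL_ON_FAILURE);
}

foreach ($samples as $raw) {
    $clean = sanitize_float($raw);

    // Three views of the same input:
    //  - what the sanitizer leaves behind (always a string),
    //  - whether the raw input is a valid float,
    //  - whether the sanitized string is a valid float.
    // Validating the sanitized string instead of the raw one can accept input
    // whose stray characters were stripped, so the caller never learns that
    // the original value was malformed. Validate the raw input when rejection
    // of bad data is the goal.
    printf(
        "raw=%-16s sanitized=%-16s validate(raw)=%-8s validate(sanitized)=%s\n",
        var_export($raw, true),
        var_export($clean, true),
        var_export(validate_float($raw), true),
        var_export(validate_float($clean), true)
    );
}
```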