No symbols

[Gubbins]

Hi,

Can anyone show me how to modify this peice of code so symbols like + and - cannot be used?

 

if ( ($bet < 0) || !(is_numeric($bet)) ){
	$error = "One or more of your bet(s) was invalid.";
	error($error);
}

[Felex]

can you explain a bit more ?

because, there is no need to exclude symbols from $bet variable. Anyway, this code only works if $bet is a number... it means, symbols must be away from $bet...

[Gubbins]

ok well its from a roulette script and i need to stop people using the + or - symbols as it can be exploited and i thought by modifying that line of code would do the trick.

so if zero, - or + was used it would return the error as "One or more of your bet(s) was invalid."

[Gubbins]

Any ideas of what i need to do please?

[wildteen88]

You could use regex to see if $bet only contains numbers,

 

if ( $bet < 0 || preg_match('/[^0-9]+/', $bet) ){
    $error = "One or more of your bet(s) was invalid.";
    error($error);
}

[Gubbins]

You could use regex to see if $bet only contains numbers,

 

if ( $bet < 0 || preg_match('/[^0-9]+/', $bet) ){
    $error = "One or more of your bet(s) was invalid.";
    error($error);
}

 

umm it didnt work, i just tested it and it let me use the minus sign, any ideas?

[mattal999]

$bet = (int) $bet;
if($bet < 0) {
    $error = "One or more of your bet(s) was invalid.";
    error($error);
}

[oni-kun]

Mattal, you cannot typecast a string into an int, as it would hide the error (allowing a-z to be parsed in the conditional statement). Try this:

$bet = -20;
$bet = abs($bet);
if(!is_numeric($bet) || $bet < 0) {
    $error = "One or more of your bet(s) was invalid.";
    error($error);
}

 

It will remove the +- from the string, as the absolute (abs) function is supposed to do, and then check based upon if it is above zero, and is numeric.

[Gubbins]

Mattal, you cannot typecast a string into an int, as it would hide the error (allowing a-z to be parsed in the conditional statement). Try this:

$bet = -20;
$bet = abs($bet);
if(!is_numeric($bet) || $bet < 0) {
    $error = "One or more of your bet(s) was invalid.";
    error($error);
}

 

It will remove the +- from the string, as the absolute (abs) function is supposed to do, and then check based upon if it is above zero, and is numeric.

 

Thank you for trying but it still lets me use the minus sign to make a bet thus exploiting the game for cheaters.

I dont know what to do next?

[mattal999]

Then the issue is not with that part of the code. That could WORKS, as I tested it on a local server. Show us the full code please.

[oni-kun]

Yes, You are aware that a radifying integer will be absolute, as the absolute function is used for. The minus will not appear if what you've posted is truly your code, It is impossible. What exactly are you testing?