User input

[stribor40]

How to ensure that user input is integer

Beside checking is_int(var) or intval, i also want to make sure it is not empy and not null. Only input i would like that int is between 1 and 1000. What happens if user puta just this " ". Or doesnt put anything ?

Is there any way to ensure that it is only integer with php.

[Muddy_Funster]

PHP has an empty check, so something like the following would probably do, although a regex would be more robust

if(!empty(trim($val)) && (int)$val >=1 && (int)$val <= 1000)

[stribor40]

What i am actually trying to do is this.....

I will pass variable to my script like this. Http://mydoman.com/script.php?user=125

 

So now i want my script to do something with 125. I want to account for in the case user tries to put something like this in url

?user=

Or ?user=hshahahah

Or ?user

Or ?

 

Basically i just want to be prepared and handle any input into url that is not integer

[kicken]

 

if(!empty(trim($val))

 

That is invalid, unless you are using PHP 5.5, which is unlikely for most people as it's still pretty new. empty can only be used on variables in previous versions, not expressions.

 

$user = isset($_GET['user'])?trim($_GET['user']):'';
if ($user == '' || !ctype_digit($user) || $user > 1000 || $user < 1){
   //Error 
}
else {
   //Ok
}

That will assign $user to a trimmed version of the $_GET variable if it exists, or the empty string otherwise. The if then checks if:

- It is the empty string or

- It contains a non-digit (0-9) character or

- It is > 1000 or

- It is < 1

 

If any of those are true, you have an error condition which you'd handle in the body of the if statement.

Edited August 7, 2013 by kicken

[stribor40]

how would you write this part

isset($_GET['user'])?trim($_GET['user']):''

in a simpler beginner way

[kicken]

That's the Ternary Operator

 

It's equivalent to:

 

if (isset($_GET['user'])){
   $user = trim($_GET['user']);
}
else {
   $user = '';
}

Edited August 7, 2013 by kicken