
I was reading about SQL injections on some site and I wanted to add some security to a site I have so I don't have someone delete my database from a URL insert.

I'm using a number to dictate which table shows which info with a $HTTP_GET_VARS['idnumber'];

What I want to do is have PHP check to make sure the $HTTP_GET_VARS['idnumber']; is a number and not someone typing in DROP my database.  My noob logic says do this:

[code]
<?
$myid = $HTTP_GET_VARS['idnumber'];

$figureitout = is_int($myid);

if ($figureitout == FALSE){
$myid = "1" }

?>
[/code]
That makes sense in my head as this: the $figureitout variable should equal the word "true" or "false", so then if it's true the IF statement will do nothing, unless $figureitout is FALSE, in which case it will change the $myid from whatever someone typed in to the number 1, so only numbers get processed in my SQL statement.

Now that doesn't work. Does anyone know why this isn't working? I'm guessing it's because true and false won't show up as words that can be used in a variable? If that is the case, then is there some workaround to do something like this?

-Binx
https://forums.phpfreaks.com/topic/32212-help-with-the-is_int-function/

If $figureitout is either true or false, then you don't need to ask if it is == FALSE; the IF statement only works with TRUE or FALSE, so you could use
[code]
<?php
$myid = $HTTP_GET_VARS['idnumber'];

$figureitout = is_int($myid);

if (!$figureitout) { // which actually evaluates in the eyes of the code as "if $figureitout is not equal to true", i.e. false
    $myid = "1"; // you were also missing a semicolon here
}

?>
[/code]
When you submit data from a form or pass data over the URL, the data can be a string, a number/float, a boolean etc. It will always be converted to a string, so the following won't work:
$figureitout = is_int($myid);

What you will want to do is use is_numeric rather than is_int, as is_numeric checks whether the string is of a numerical value, whereas is_int checks that the data is an integer. The following should work:
[code=php:0]if(is_numeric($_GET['idnumber']))
{
    // my id is a number!
    $myid = $_GET['idnumber'];
}[/code]

Also, the use of $HTTP_*_VARS is deprecated. You should use the newer superglobals, which are $_GET, $_POST, $_SERVER etc.
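The two replies above make the same point from different angles: a query-string value always arrives as a string, so is_int() on it is always false, and the fix is to validate the string's contents before it reaches SQL. The following is an added example, not code from the original thread or its posters. It goes a step beyond the is_numeric() suggestion: is_numeric() also accepts "1.5", "1e3" and leading whitespace, so it shows FILTER_VALIDATE_INT as a stricter "is this a whole number" check, prints how each check treats a set of constructed inputs, and then binds the validated id as a parameter so the SQL text never contains user input. The table name "items", its integer "id" column and the in-memory SQLite database (which needs the pdo_sqlite extension) are assumptions made for the example.

```php
<?php
// Added example (not from the original thread): validating an integer id
// taken from the query string before it is used in a database query.
// Assumes a table "items" with an integer "id" column (assumption).

declare(strict_types=1);

/**
 * Return the id as an int when the raw query-string value is a plain
 * decimal integer >= 1; otherwise return the default (the OP's fallback of 1).
 */
function idFromQuery(?string $raw, int $default = 1): int
{
    if ($raw === null) {
        return $default;
    }
    // FILTER_VALIDATE_INT rejects "1.5", "1e3", "07", "1; DROP ..." and "",
    // and the min_range option additionally rejects 0 and negatives.
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? $default : $id;
}

/**
 * Compare the checks discussed in the thread on one raw string, to show why
 * is_int() never matches a GET value and why is_numeric() is looser than
 * "is a whole number".
 */
function compareChecks(string $raw): array
{
    return [
        'is_int'      => is_int($raw),      // always false: GET values are strings
        'is_numeric'  => is_numeric($raw),  // true for "1.5", "1e3", " 7" as well
        'ctype_digit' => ctype_digit($raw), // decimal digits only, but accepts "07"
        'filter_int'  => filter_var($raw, FILTER_VALIDATE_INT) !== false,
    ];
}

// Constructed inputs a visitor might put in ?idnumber=... (constructed sample data)
$samples = ['42', '1.5', '1e3', ' 7', '07', '-3', '1; DROP TABLE items', ''];
foreach ($samples as $s) {
    printf("%-24s %s\n", var_export($s, true), json_encode(compareChecks($s)));
}

// ?idnumber[]=1 makes $_GET['idnumber'] an array, so only accept a string.
$rawId = $_GET['idnumber'] ?? null;
$myid  = idFromQuery(is_string($rawId) ? $rawId : null);

// Even a validated integer is bound as a parameter rather than concatenated,
// so the query text is fixed and the value can only ever be data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO items (id, name) VALUES (1, 'first'), (42, 'answer')");

$stmt = $pdo->prepare('SELECT id, name FROM items WHERE id = :id');
$stmt->bindValue(':id', $myid, PDO::PARAM_INT);
$stmt->execute();
var_dump($stmt->fetch(PDO::FETCH_ASSOC));
```

Run it from the command line to see the comparison table (with no query string, $myid falls back to 1 and the row "first" is returned). The validation and the prepared statement are two separate layers: the first keeps the id within the values the page can meaningfully serve, the second guarantees that whatever the id is, it cannot change the structure of the query.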