Analog
Posted February 11, 2010

This should only return $var if it is numerical and positive, correct? Also, is the returned $var clean for a query?

    function CleanNum($var)
    {
        if(!is_numeric($var) and !is_int($var))
        {
            echo 'Error: Input was not numerical.';
            exit;
        }
        else if($var < 0)
        {
            echo 'All numerical inputs must have a positive value.';
            exit;
        }
        else
        {
            return abs($var);
            exit;
        }
    }

seanybob
Posted February 11, 2010

Yes, I 'spose it would. Although it seems a little weird to test to see if an input is a number and is positive, and then ONLY IF IT IS get its absolute value. That means the absolute value isn't doing anything. If I may suggest...

    function CleanNum($var)
    {
        return abs((int) $var); //turns input into a number, then gets its absolute value
    }

This same code doesn't return an annoying error to the user, but corrects their input - making it positive, and a number.

(Feel free to correct me if I'm wrong. This has always worked for me, but I've heard people using @intval and other weird junk like that nowadays)

Analog (Author)
Posted February 11, 2010

I see your point, but say the user input was 'a': abs() would return 0... right? The check for positive is so that a negative value is not run through the query. For example, if $_POST['num'] is -1, it would actually add 1, wouldn't it?

    $i = abs((int) $_POST['num']);
    $db->query("UPDATE table SET field = field - $i");

Analog (Author)
Posted February 11, 2010

Maybe I should sleep... After looking at this more I see I am overthinking the solution.

Djkanna
Posted February 11, 2010

> (Feel free to correct me if I'm wrong. This has always worked for me, but I've heard people using @intval and other weird junk like that nowadays)

Intval(): Gets the integer value :) so echo intval('-35'); would return 35.

Analog (Author)
Posted February 11, 2010

> Intval(): Gets the integer value :) so echo intval('-35'); would return 35.

Yeah, I realized that after walking away for a bit. Guess I was trying to reinvent the wheel!!!

Djkanna
Posted February 11, 2010

Reinventing the wheel is *sometimes* a good thing :)

Zero-Affect
Posted February 12, 2010

I use another method:

    // Filter variable (isset() is checked first so ctype_digit() never sees an undefined index)
    $_GET['NUM'] = ( isset($_GET['NUM']) AND ctype_digit($_GET['NUM']) ) ? $_GET['NUM'] : '' ;
    if ( empty($_GET['NUM']) )
    {
        echo 'Error!';
        die; // ERROR
    }
    mysql_query("UPDATE `table` SET `column` = {$_GET['NUM']} WHERE `othercol` = 1"); // UPDATE EXAMPLE
    // OR
    mysql_query("SELECT `column` FROM `table` WHERE `othercol` = {$_GET['NUM']}"); // SELECT EXAMPLE

Seems to work for me.
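
Added example (not from any post in this thread): a reject-instead-of-coerce version of the check discussed above, using PHP's filter_var() with FILTER_VALIDATE_INT and a bound query parameter instead of interpolating the value into the SQL string. The function name cleanNum(), the accounts table and the in-memory SQLite database are assumptions chosen so the script runs stand-alone.

```php
<?php
// Added example, not code from any poster in this thread.
// Hypothetical names: cleanNum(), table "accounts", column "credits".

/**
 * Return $raw as a non-negative int, or null if it is not one.
 * Rejects instead of coercing, so 'a' or '-1' never reaches the query.
 */
function cleanNum($raw): ?int
{
    $n = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
    return $n === false ? null : $n;
}

// Constructed sample inputs, compared with the abs((int) ...) cast.
foreach (['5', '0', '-1', 'a', '1.5', '1e3', '5 OR 1=1', null] as $raw) {
    printf("%-12s cleanNum=%-5s abs((int))=%d\n",
        var_export($raw, true),
        var_export(cleanNum($raw), true),
        abs((int) $raw));
}

// In-memory SQLite stands in for the real database (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE accounts (id INTEGER PRIMARY KEY, credits INTEGER)');
$db->exec('INSERT INTO accounts (id, credits) VALUES (1, 100)');

$input = '-1';                       // constructed stand-in for $_POST['num']
$amount = cleanNum($input);
if ($amount === null) {
    echo "Rejected: input must be a non-negative whole number.\n";
} else {
    // The value is bound as an integer parameter, never interpolated into SQL.
    $stmt = $db->prepare('UPDATE accounts SET credits = credits - :n WHERE id = 1');
    $stmt->bindValue(':n', $amount, PDO::PARAM_INT);
    $stmt->execute();
}
echo 'credits = ', $db->query('SELECT credits FROM accounts WHERE id = 1')->fetchColumn(), "\n";
```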