Zero-Affect Posted February 23, 2010 Posted February 23, 2010 alot of hammering happening in this thread.. Quote
corruptcity || skalman Posted February 24, 2010 Author Posted February 24, 2010 yeah its coz i secured the posts but it was still letting in +999- and other like that so ive had to give it a smash in the mouth and called it bad mod lol no just had to recode it Quote
corruptcity || skalman Posted February 24, 2010 Author Posted February 24, 2010 i did have ctype_digit but it still let it thru so used ctype_alnum and that seemed todo the trick Quote
iSOS Posted February 24, 2010 Posted February 24, 2010 Sooo now you're letting users can enter integers & characters into your form, well I hope atleast you're attempting to secure the query. ctype_digit(), only allows digits, so I'm not sure what you're doing wrong. ?( Quote
Joshua Posted February 24, 2010 Posted February 24, 2010 I'm not 100% sure either Originally to test I told him to use $_POST['blah'] = abs((int) $_POST['blah']) but with simple -999999999999999 or +99999999999999999999- was slipping through so i dno. Quote
iSOS Posted February 24, 2010 Posted February 24, 2010 $_POST['blah'] = abs((int) $_POST['blah']), would work, as long as it goes into the DB as that, it's fine. Anyway what I forgot to mention was on some server setups, for some reason ctype_digit() allows the '-' character. -- I've had first hand experience with this. Quote
Joshua Posted February 24, 2010 Posted February 24, 2010 Hm, most odd. I'll stick with short and simple post = abs((int) it works for me 100% of the time >,< Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.