4

I have a page like so:

http://sitename/gallery.php?page=2

It has pagination links at the bottom by which we can browse. Every time the page numbers are clicked, it would send a GET request with parameters page=1 or page=2 and so on ...

When I store these values to $page from the $_GET variable, it is a string value. I can convert it to an integer using (int) like this:

if(!empty($_GET['page'])){
       $page = (int)$_GET['page'];
       echo "Page Number: ".$page;
}

But how can I make sure that the value passed is an integer only and not other crap?

maxxon15
  • 1
    Didn't you find this: http://stackoverflow.com/questions/6416763/checking-if-a-variable-is-an-integer-in-php – Sudhir Bastakoti Aug 30 '12 at 09:54
  • Actually no. Thanks for pointing that out! :) I wasn't aware of the `var_dump()` – maxxon15 Aug 30 '12 at 10:04
  • What's your reason for wanting to make sure the value is an int? If you are always casting to an int then nothing else can get through... the only reason I can think of would be if you wanted to show an error page when anything else comes through, or if you are planning to also send other data types (other than `int`) as the value of `page`? Other than that you don't need to check its type... Not that I'm against asking the question - just questioning the use in this case... knowledge for knowledge's sake is always good :) – Pebbl Aug 30 '12 at 10:08
  • It's just that I don't want people to pass in random things like for example: **wrwh!@67** - OR something malicious. – maxxon15 Aug 30 '12 at 10:14
  • @maxxon15 - Yes as I thought, in this case, if you only ever access or use the `$page` variable after you have cast to an int - you need not worry about malicious content... because anything that isn't numeric will be cast to 0. `echo (int) '//*&73...\\made_up_nonsense...!'; #will echo 0`. It's good to be thinking in this regard however ;) you will not believe the number of scripts out there that allow anything to be passed in and used in scary ways... – Pebbl Aug 30 '12 at 10:31
  • Yeah... But still, I try to maintain this, since they say it's always a good practice to do so. :) – maxxon15 Aug 30 '12 at 10:41

9 Answers

17

Using filters:

if (null !== ($page = filter_input(INPUT_GET, 'page', FILTER_VALIDATE_INT, FILTER_NULL_ON_FAILURE))) {
    // $page is now an integer
}

This also checks whether the variable appears in the query string at the same time. If you want to differentiate between missing and invalid you have to leave off the last argument to filter_input():

$page = filter_input(INPUT_GET, 'page', FILTER_VALIDATE_INT);
// $page can be null (not present), false (present but not valid) or a valid integer
Ja͢ck
  • Works! Thanks man! :) Btw, this could have been achieved by `filter_var()` function too. Right? – maxxon15 Aug 30 '12 at 10:39
  • 1
    @maxxon15 I prefer using `filter_input()` if I know that the parameter should come from `INPUT_GET` - otherwise I use `filter_var()` :) – Ja͢ck Aug 30 '12 at 10:52
  • That clears the use case. :) Thanks for helping out a noobie here! – maxxon15 Aug 30 '12 at 10:59
4

Use filter_var() with the FILTER_VALIDATE_INT filter on it, and check the return value.

Ignacio Vazquez-Abrams
2

Use is_numeric().

is_int() will not work because GET parameters are always strings.

Leonel Machava
1

I've left a few comments here and there. Thanks to weak typing, functions like empty and isset tend to be unreliable. The quickest way to check if a parameter is an int or not IMO would be this:

if (array_key_exists('page',$_GET) && ($_GET['page'] == (int) $_GET['page']))

Casting to int and then comparing the respective values will return true only when $_GET['page'] is a valid int. If you want to use strict type comparison for some reason (some do), you could double cast:

if (array_key_exists('page',$_GET) && ($_GET['page'] === (string)((int) $_GET['page'])))

But in this particular case, I can't really see why you would want to do that.

Elias Van Ootegem
  • Why not? Is it not a good practice to always check the authenticity of the data that's passed? Btw, I already used the `FILTER_VALIDATE_INT` as shown in this comment: http://stackoverflow.com/a/12194343/432720 – maxxon15 Aug 30 '12 at 10:46
  • I don't quite get what you mean by _why not?_. When I said _I can't see why you want to do that_, I was referring to the double cast: casting to an int, and back to a string again is, IMO, one operation too many in this example – Elias Van Ootegem Aug 30 '12 at 11:29
  • Oooh! I thought you meant casting to `(int)` or even choosing this option would be unnecessary! :P Nevermind. But yeah... I agree. That'd really be too much. – maxxon15 Aug 30 '12 at 11:36
  • @maxxon15: Unless, of course, `$_GET['page']` could be an empty string (`''`), in which case `('' == (int)'') === true` while `'' == (string)((int)'') === false`... sheesh, loose typing, gotta love it :s – Elias Van Ootegem Aug 30 '12 at 11:42
1

This is a way to check whether a parameter is an integer or not.

if (is_int((int) $_GET['user_id']) && (int) $_GET['user_id'] != 0) {
    // assign the cast value, not the raw string from $_GET
    $user_id = (int) $_GET['user_id'];
}
Radim Köhler
0

Using is_int won't help, probably. All incoming parameters (including $_GET and $_POST) are parsed as strings by PHP. The is_int function checks the datatype, not the value. ctype_digit checks for only digits though:

if(isset($_GET['page']) && ctype_digit($_GET['page'])){
   $page = (int)$_GET['page'];
   echo "Page Number: ".$page;
}
Berry Langerak
0
if(!empty($_GET['page']) and is_numeric($_GET['page'])){
       $page = (int)$_GET['page'];
       echo "Page Number: ".$page;
}

is_numeric is probably what you need.

GeoffreyB
0

You can also check with

isNAN($_GET['something']);//is_numeric($_GET['something'])

It returns a boolean value (true, false). If it's true then it is not an integer; if false, it's an integer.

GautamD31
0
if (isset($_GET['page']) && (($get_page_filtered = filter_var($_GET['page'], FILTER_VALIDATE_INT)) !== FALSE)) {
  $get_page_int = $get_page_filtered;
}

@see https://stackoverflow.com/a/41868665/6758130

Community
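
The checks proposed in the answers above do not agree on edge-case input. As an added example (not code from any of the posts), this script runs each of them over constructed sample values for `$_GET['page']` and prints which ones each check accepts; `valid_page()` and the last page of 50 are assumptions made for illustration.

```php
<?php
// Constructed samples standing in for what $_GET['page'] may contain.
// The last entry is what a query string like ?page[]=2 produces: an array.
$samples = ['2', '007', '-1', '0', ' 2', '2abc', '2.0', '1e3', '0x1A', '',
            '99999999999999999999', ['2']];

// Hypothetical helper: validate a page number and bound it to 1..$lastPage
// with the min_range / max_range options of FILTER_VALIDATE_INT.
function valid_page($raw, int $lastPage): ?int
{
    $page = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1, 'max_range' => $lastPage],
    ]);
    return $page === false ? null : $page;
}

// The checks from the answers. Each returns the page number it would use,
// or null when it rejects the input. The plain cast never rejects anything.
$checks = [
    '(int) cast'   => function ($v) { return (int) $v; },
    'is_numeric'   => function ($v) { return is_numeric($v) ? (int) $v : null; },
    'ctype_digit'  => function ($v) {
        // ctype_digit() is meant for strings, so guard against array input.
        return is_string($v) && ctype_digit($v) ? (int) $v : null;
    },
    'filter+range' => function ($v) { return valid_page($v, 50); }, // 50: assumed last page
];

// Header row.
printf("%-26s", 'input');
foreach (array_keys($checks) as $name) {
    printf("%-22s", $name);
}
echo PHP_EOL;

// One row per sample, one column per check.
foreach ($samples as $raw) {
    printf("%-26s", json_encode($raw));
    foreach ($checks as $check) {
        $result = $check($raw);
        printf("%-22s", $result === null ? 'rejected' : (string) $result);
    }
    echo PHP_EOL;
}
```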