php validate integer

Question

I`m wonder why this not working

    echo gettype($_GET['id']); //returns string
  if(is_int($_GET['id']))
  {
   echo 'Integer';
  }

How to validate data passing from GET/POST if it is integer ?

Gordon · Answer 1 · 2012-01-31T13:34:06.947

33

Can use

$validatedValue = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT);

See http://php.net/filter_input and related functions.

edited Jan 31 '12 at 13:34

answered Jan 31 '12 at 13:25

Gordon

312,688
75
539
559

codaddict · Accepted Answer · 2010-11-04T18:49:21.633

28

The manual says:

To test if a variable is a number or a numeric string (such as form input, which is always a string), you must use is_numeric().

Alternative you can use the regex based test as:

if(preg_match('/^\d+$/',$_GET['id'])) {
  // valid input.
} else {
  // invalid input.
}

edited Nov 04 '10 at 18:49

answered Nov 04 '10 at 18:42

codaddict

445,704
82
492
529

...and also accepts decimal numbers. `preg_match` FTW. It can also accept inputs like `04`. – Ben Oct 25 '13 at 03:18
4

Shouldn't the preg_match accept negative numbers too? As far as I know, an Integer can be negative, so -5 should be accepted as Int. – Hector Ordonez Dec 19 '13 at 15:51
I also want to set the length in preg_match then how to do that ?? – Aanshi Jun 05 '14 at 11:51

score 3 · Answer 3 · edited Jan 19 '15 at 17:58

3

To validate form data (string) as an integer, you should use ctype_digit() It returns TRUE if every character in the string text is a decimal digit, FALSE otherwise. (PHP 4 >= 4.0.4, PHP 5)

Reference: http://php.net/manual/en/function.ctype-digit.php

edited Jan 19 '15 at 17:58

Matej

9,548
8
49
66

answered Jan 19 '15 at 17:45

fleveillee

55
1
6

`ctype_digit()` will only check a string, so `ctype_digit(1) === false`, while `ctype_digit('1') === true`. This is very useful for validating user input, as $_GET and $_POST contain strings. – kfriend Apr 28 '15 at 20:11

score 3 · Answer 4 · answered Nov 04 '10 at 18:57

3

What about intval?

$int = intval($_GET['id']);

answered Nov 04 '10 at 18:57

TheHippo

61,720
15
75
100

Great solution, but inval(0) returns 0, then in your test 0 will not be considireted as a INTEGER $value =0; if(!intval($value)) { throw new Exception(...); // Throw a exception for zero } – Mandien Mar 04 '22 at 12:10

score 1 · Answer 5 · answered Nov 04 '10 at 18:47

Try:

if(isNumeric($_GET['id'])) {
    $cast_int = (int)$_GET['id'];
}

if(isset($cast_int)) {
    echo gettype($cast_int)."<br />\n";
    if(is_int($cast_int))
    {
        echo 'Integer'."<br />\n";
    }
} else {
    echo gettype($_GET['id'])." was passed<br />\n";
}

function isNumeric($numeric) {
    return preg_match("/^[0-9]+$/", $numeric);
}

score 0 · Answer 6 · answered Nov 04 '10 at 18:46

It sounds like you are checking if a string contains an integer, rather than if that variable is an integer. If so, you should check out php's regex (regular expression) functionality. It allows you to check for very specific patterns in a string to validate it for whatever criteria. (such as if it contains only number characters)

Here's the php page http://php.net/manual/en/function.preg-match.php

and here's a cheat sheet on regular expressions (to make the $pattern string) http://regexpr.com/cheatsheet/

score -1 · Answer 7 · answered Nov 04 '10 at 18:50

I take a slightly more paranoid approach to sanitizing GET input

function sanitize_int($integer, $min='', $max='')
{
  $int = intval($integer);
  if((($min != '') && ($int < $min)) || (($max != '') && ($int > $max)))
    return FALSE;
  return $int;
}

To be even safer, you can extract only numbers first and then run the function above

function sanitize_paranoid_string($string, $min='', $max='')
{
  $string = preg_replace("/[^a-zA-Z0-9]/", "", $string);
  $len = strlen($string);
  if((($min != '') && ($len < $min)) || (($max != '') && ($len > $max)))
    return FALSE;
  return $string;
}

Code from: http://libox.net

php validate integer

7 Answers7

Linked

Related