/    Sign up×
Community /Pin to ProfileBookmark

$_POST and INT only

I’m trying to do something very simple but can’t get my head around this.

I have a form with have two text inputs. ID1 & ID2.

On submit I want a few conditional statements.

First of all I want to check IF both are filled in. I then want to check that both are of type INT.

I’m doing that okay I think?

` if(empty( $_POST[‘IDOne’]) || empty($_POST[‘IDTwo’])){`

Do I use is_int? Because any input will be a string, therefore I should convert it?

`if (is_int($_POST[‘IDOne’]) || is_int($_POST[‘IDTwo’])){`

But If I convert to int

`$IDOne = (int) $_POST[‘IDOne’];`

It gets a value 0 when not a int therefore becomes an INT.

to post a comment
PHP

13 Comments(s)

Copy linkTweet thisAlerts:
@NogDogJan 09.2022 — Probably the simplest way is with [u][ctype_digit()](https://php.net/ctype_digits)[/u], if you only want to accept a string consisting only of digits (no commas, no negative signs, etc.).

Otherwise, you could try [u][filter_var()](https://php.net/filter_var())[/u] using the FILTER_VALIDATE_INT filter option.
Copy linkTweet thisAlerts:
@kiwisauthorJan 09.2022 — @NogDog#1641278

filter_var seems to fail if I enter 0.
Copy linkTweet thisAlerts:
@NogDogJan 09.2022 — Looks like if valid, filter_var() returns the value as an integer, so you need to use === false or !== false, as applicable (since it will return 0 for "0", which is false-y).
[code=php]
if(filter_validate($_POST['something'], FILTER_VALIDATE_INT) === false) {
// not an int
}
// or...
if(filter_validate($_POST['something'], FILTER_VALIDATE_INT) !== false) {
// is an int
}
[/code]
Copy linkTweet thisAlerts:
@ginerjmJan 09.2022 — You could write your <input> tag to use only digits as suggested already. And then use is_numeric once you receive it. If that test comes back true then cast it as integer._
Copy linkTweet thisAlerts:
@kiwisauthorJan 09.2022 — @NogDog#1641281

This should be so basic but it's doing my head in.

I've got several checks in place to error our what the problem is, I want to do this.

When I enter a numeric value in one and a 0 in the other box I get directed to this error
``<i>
</i>if(empty( $_POST['IDOne']) || empty($_POST['IDTwo'])){
header("LOCATION: index.php?error=empty")
} else {
// Second If
}<i>
</i>
`</CODE>

If I enter numeric and alpha i.e. 33 and BB I get a pass

<CODE>
`<i>
</i> if (filter_var($_POST['IDOne'], FILTER_VALIDATE_INT) || filter_var($_POST['IDTwo'],FILTER_VALIDATE_INT)!== false){
// Should be sucess.
} else {
header("LOCATION: index.php?error=nonInt");
exit();
}<i>
</i>
``
Copy linkTweet thisAlerts:
@kiwisauthorJan 09.2022 — @ginerjm#1641293

That's a good frontend measure, I'm wanting the backend to also be tidy and secure
Copy linkTweet thisAlerts:
@ginerjmJan 09.2022 — not sure how you are defining front and back. This is all server-based code.
Copy linkTweet thisAlerts:
@NogDogJan 09.2022 — > @ginerjm#1641307 not sure how you are defining front and back

Front end:

> @ginerjm#1641293 You could write your <input> tag to use only digits as suggested already.

Back end: whatever you end up doing in the PHP to handle the front end not working or being bypassed (including intentionally).
Copy linkTweet thisAlerts:
@ginerjmJan 10.2022 — @nogdog: And I agree with that exactly. Wonder what the OP thought I was doing that he disagreed with....
Copy linkTweet thisAlerts:
@kiwisauthorJan 10.2022 — Front end, backend might be the incorrect term, please excuse a non professional. Although it's fairly clear that user input would be front end, what's in front of you and back end us what happens behind the scenes i.e PHP.

What I'm trying to do is validate user input. A number input box can easily be manipulated.

Therefore on form submission. I was treat the two input boxes as just that _POST variables.

Firstly checking if BOTH had data.

Then checking if the values were or could be converted into integer, by default the value will be a string, even if the string reads as an integer.

Is that not possible, I went into this thinking it'd be easy. Struggled with it and seems it's still not as straight forward as I had assumed.
Copy linkTweet thisAlerts:
@ginerjmJan 10.2022 — Well I gave you how I would do it. 1 - encourage proper user input. 2 - use php functions to validate it and ensure that it is an integer.

Have fun!
Copy linkTweet thisAlerts:
@NogDogJan 10.2022 — Because I was bored and actually looked at the filter_var() manual page...
[code=php]
if(filter_var(
$_POST['something'],
FILTER_VALIDATE_INT,
['options' => [
'min_range' => 1,
'max_range' => 100
]]
) === false) {
die('Posted value was not an integer between 1 and 100');
}
[/code]
Copy linkTweet thisAlerts:
@ginerjmJan 10.2022 — I copied this to my 'snippets' folder to have and to hold.
×

Success!

Help @kiwis spread the word by sharing this article on Twitter...

Tweet This
Sign in
Forgot password?
Sign in with TwitchSign in with GithubCreate Account
about: ({
version: 0.1.9 BETA 3.29,
whats_new: community page,
up_next: more Davinci•003 tasks,
coming_soon: events calendar,
social: @webDeveloperHQ
});

legal: ({
terms: of use,
privacy: policy
});
changelog: (
version: 0.1.9,
notes: added community page

version: 0.1.8,
notes: added Davinci•003

version: 0.1.7,
notes: upvote answers to bounties

version: 0.1.6,
notes: article editor refresh
)...
recent_tips: (
tipper: @darkwebsites540,
tipped: article
amount: 10 SATS,

tipper: @Samric24,
tipped: article
amount: 1000 SATS,

tipper: Anonymous,
tipped: article
amount: 10 SATS,
)...