how to filter a $id?

         

Shanee

8:05 pm on Jul 28, 2006 (gmt 0)

10+ Year Member



Hello to all,
Actually I want to validate/filter a variable; that is, I have the URL [my-site.com...] and I want to filter alphabets and other characters like (~!@#$%^&*()_+%) out of the $id variable.
Can anyone help me with this problem?

thanks

mooger35

9:21 pm on Jul 28, 2006 (gmt 0)

10+ Year Member



// Remove every character that is not an ASCII letter or digit
$newstring = preg_replace('/[^a-zA-Z0-9]+/', '', $string);

This will remove white space and all characters except numbers and letters.

brotherhood of LAN

9:32 pm on Jul 28, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



You may also want to check out the character functions in PHP, here:

[uk2.php.net...]

ctype_alnum() would return true if all characters in $id are alphanumeric.

mikesmith76

9:48 pm on Jul 28, 2006 (gmt 0)

10+ Year Member



I always use the is_numeric() function on any id passed, along with a custom escape_data() function based around mysql_real_escape_string. Technically, if is_numeric() does its job the second escape function is not needed, but I call it anyway for a bit of redundant error checking (and I have the function around anyway for escaping text fields).

Also, you should think: if an id is definitely needed for a page and it isn't passed, what will you do? Display an error page or redirect to another page?

dreamcatcher

5:59 am on Jul 29, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Another alternative is to use PHP's character classes. This is what I use for checking digits:

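// D modifier: $ matches only at the very end of the string, so "123\n" is rejected
if (!preg_match('/^[[:digit:]]+$/D', $_GET['id'] ?? ''))
{
// error: id is missing or contains a non-digit
}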

dc

mikesmith76

8:18 am on Jul 29, 2006 (gmt 0)

10+ Year Member




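// D modifier: $ matches only at the very end of the string, so "123\n" is rejected
if (!preg_match('/^[[:digit:]]+$/D', $_GET['id'] ?? ''))
{
// error: id is missing or contains a non-digit
}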

dc

Dreamcatcher, a quick question if I may. Your expression above checks for one or more digits; what advantage would this have over the is_numeric() function? Which do you think would be the quicker of the two?

Thanks

dreamcatcher

8:44 am on Jul 29, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Hi mikesmith76,

You might want to check out the notes on the is_numeric [uk.php.net] function on the PHP website:


Finds whether a variable is a number or a numeric string.

Numeric strings consist of optional sign, any number of digits, optional decimal part and optional exponential part. Thus +0123.45e6 is a valid numeric value.

Also, someone commented that the is_numeric function will only check 16 digits and no more and that in PHP5 it returns false for strings with a leading decimal point.

The character classes and the ctype functions will check that ALL characters in the string are numeric. I don't think there would be much difference speed-wise, but for a true numeric check I think those two are better.

dc
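
A side-by-side run of the checks discussed in this thread, as an added example that is not part of any poster's message. parse_id() and the sample inputs are constructed for illustration, and PHP 7.1 or later is assumed.

```php
<?php
// Added example: strict validation of a numeric id taken from the query string.
// parse_id() is a hypothetical helper; the sample inputs are constructed.

/** Return the id as an int, or null if the input is not a plain positive integer. */
function parse_id($raw, int $maxDigits = 9): ?int
{
    // A request like ?id[]=1 arrives as an array; a missing id arrives as null.
    if (!is_string($raw)) {
        return null;
    }
    // ctype_digit() is true only for a non-empty string made entirely of 0-9,
    // so signs, decimal points, exponents, spaces and newlines are rejected.
    // The length cap keeps the (int) cast below from overflowing.
    if (!ctype_digit($raw) || strlen($raw) > $maxDigits) {
        return null;
    }
    $id = (int) $raw;
    return $id > 0 ? $id : null; // treat 0 as "no such row"
}

// Constructed inputs: valid ids, the manual's own "+0123.45e6" case,
// a trailing newline, trailing letters, empty, oversized, and an array.
$samples = ['42', '007', '+0123.45e6', '.5', "42\n", '12abc', '',
            '99999999999999999999', ['1']];

foreach ($samples as $raw) {
    $s = is_string($raw) ? $raw : '';
    printf(
        "%-24s is_numeric=%-5s preg_\$=%-5s preg_D=%-5s parse_id=%s\n",
        json_encode($raw),
        var_export(is_numeric($raw), true),
        // Without the D modifier, $ also matches just before a final newline.
        var_export(preg_match('/^[[:digit:]]+$/', $s) === 1, true),
        var_export(preg_match('/^[[:digit:]]+$/D', $s) === 1, true),
        var_export(parse_id($raw), true)
    );
}
```

A null result from parse_id() is the point at which to show the error page or redirect that mikesmith76 raises above.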

mikesmith76

1:35 pm on Jul 29, 2006 (gmt 0)

10+ Year Member



You might want to check out the notes on the is_numeric function on the PHP website:

Hey, thanks for that, should've really read the docs before relying on it.

mike