6 Replies - 3296 Views - Last Post: 05 March 2009 - 08:18 AM Rate Topic: -----

#1 FrozenSnake  Icon User is offline

  • En man från Sverige!

Reputation: 122
  • View blog
  • Posts: 995
  • Joined: 30-July 08

Only allow numbers in $_GET

Posted 04 March 2009 - 04:42 AM

I only want to allow numbers in my $_GET (all of them) but I dont get it to work.

if(isset($_GET) && ctype_digit($_GET) != TRUE)
	header("location: ?p=1000");

This trigger the header even if the $_GET only are numbers.
I also tried this
if(isset($_GET) && is_numeric($_GET) != TRUE)
	header("location: ?p=1000");

Same result. I also tried with == on both but then it doesn't care if it's '1' or 'a' in the $_GET it's ok anyway.
Is there any easy way to only accept numbers in any get that is in the url?

I also want to use a mysql_real_escape_string($_POST) but not before I get this to work.
I hope anyone can help me =)

Is This A Good Question/Topic? 0
  • +

Replies To: Only allow numbers in $_GET

#2 JackOfAllTrades  Icon User is offline

  • Saucy!
  • member icon

Reputation: 6039
  • View blog
  • Posts: 23,436
  • Joined: 23-August 08

Re: Only allow numbers in $_GET

Posted 04 March 2009 - 05:24 AM

You are looking at the entire $_GET array, which is...an array and therefore non-numeric. You need to look at the particular $_GET member, like I see 'p' in your code:
if(isset($_GET['p']) && is_numeric($_GET['p']) != TRUE)

Was This Post Helpful? 0
  • +
  • -

#3 tuntis  Icon User is offline

  • New D.I.C Head

Reputation: 1
  • View blog
  • Posts: 22
  • Joined: 10-November 08

Re: Only allow numbers in $_GET

Posted 04 March 2009 - 05:26 AM

Just Woke Up- Code™

foreach ($_GET as $g) {
	if (ctype_digit($g)) $get_is_numeric = true;
	else $get_is_numeric = false;
}

if ($get_is_numeric) header("location: ?p=1000");

Seems to work, assuming that you want _every $_GET value that is being received checked_. Otherwise, go with the above post.

And there's probably a much more efficient way to do this :P

This post has been edited by tuntis: 04 March 2009 - 05:27 AM

Was This Post Helpful? 0
  • +
  • -

#4 AlienWebguy  Icon User is offline

  • D.I.C Head

Reputation: 9
  • View blog
  • Posts: 84
  • Joined: 04-March 09

Re: Only allow numbers in $_GET

Posted 05 March 2009 - 02:50 AM

If I'm right, the above code won't work correctly because the flag variable is being reset every loop iteration. If the last element in the array is numeric, it will assume all elements were, right?

An alternative way:

foreach($_GET as $get_var){

   if(!is_numeric($get_var))
	  $not_all_numeric = true;
}

if($not_all_numeric)
   echo 'error: string present';



That way, it doesn't even acknowledge the numeric values and only flags an error if a string is detected in the array.

--S--
Was This Post Helpful? 0
  • +
  • -

#5 no2pencil  Icon User is online

  • Toubabo Koomi
  • member icon

Reputation: 5189
  • View blog
  • Posts: 26,896
  • Joined: 10-May 07

Re: Only allow numbers in $_GET

Posted 05 March 2009 - 03:22 AM

I would think the most efficient way would be to check the user input with Javascript. Let the browser deal with validating the input, so the server does as little as possible.
Was This Post Helpful? 0
  • +
  • -

#6 CTphpnwb  Icon User is offline

  • D.I.C Lover
  • member icon

Reputation: 2895
  • View blog
  • Posts: 10,028
  • Joined: 08-August 08

Re: Only allow numbers in $_GET

Posted 05 March 2009 - 06:14 AM

View Postno2pencil, on 5 Mar, 2009 - 05:22 AM, said:

I would think the most efficient way would be to check the user input with Javascript. Let the browser deal with validating the input, so the server does as little as possible.

Wouldn't that be a hacker's dream? All they would have to do is turn off javascript. If they wanted to get really creative, they could edit the javascript to pass whatever they like.

I'd do something like this:

$x = (int)$_GET['someinput'];

This post has been edited by CTphpnwb: 05 March 2009 - 06:15 AM

Was This Post Helpful? 0
  • +
  • -

#7 tuntis  Icon User is offline

  • New D.I.C Head

Reputation: 1
  • View blog
  • Posts: 22
  • Joined: 10-November 08

Re: Only allow numbers in $_GET

Posted 05 March 2009 - 08:18 AM

View PostAlienWebguy, on 5 Mar, 2009 - 01:50 AM, said:

If I'm right, the above code won't work correctly because the flag variable is being reset every loop iteration. If the last element in the array is numeric, it will assume all elements were, right?

An alternative way:

*snip*


I knew there was something wrong with it... :rolleyes:
Was This Post Helpful? 0
  • +
  • -

Page 1 of 1