I have a page like so:
http://sitename/gallery.php?page=2
It has pagination links at the bottom by which we can browse. Everytime the page numbers are clicked, it would send a GET request with parameters page=1 or page=2 and so on ...
When I store these values to $page from teh $_GET variable, it is a string value. I can convert it to an integer using (int) like this:
if(!empty($_GET['page'])){
$page = (int)$_GET['page'];
echo "Page Number: ".$page;
}
But how can I make sure that the value passed is an integer only and not other crap?
Using filters:
if (null !== ($page = filter_input(INPUT_GET, 'page', FILTER_VALIDATE_INT, FILTER_NULL_ON_FAILURE))) {
// $page is now an integer
}
This also checks whether the variable appears in the query string at the same time. If you want to differentiate between missing and invalid you have to leave off the last argument to filter_input():
$page = filter_input(INPUT_GET, 'page', FILTER_VALIDATE_INT);
// $page can be null (not present), false (present but not valid) or a valid integer
Use filter_var() with the FILTER_VALIDATE_INT filter on it, and check the return value.
Use is_numeric().
is_int() will not work because GET parameters are always string.
I've left a few comments here and there. Thanks to weak typing, functions like empty and isset tend to be unreliable. The quickest way to check if a parameter is an int or not IMO would be this:
if (array_key_exists('page',$_GET) && ($_GET['page'] == (int) $_GET['page']))
Casting to int and then compare the respective values will return true only when $_GET['page'] is a valid int. If you want to use strict type comparison for some reason (some do), you could double cast:
if (array_key_exists('page',$_GET) && ($_GET['page'] === (string)((int) $_GET['page'])))
But in this particular case, I can't really see why you would want to do that
this is a way how to check parameter if it is intetger or not.
if (is_int((int) $_GET['user_id']) && (int) $_GET['user_id'] != 0) {
$user_id = $_GET['user_id'];
}
Using is_int won't help, probably. All incoming parameters (including $_GET and $_POST) are parsed as strings by PHP. The is_int function checks the datatype, not the value. ctype_digit checks for only digits though:
if(isset($_GET['page']) && ctype_digit($_GET['page']){
$page = (int)$_GET['page'];
echo "Page Number: ".$page;
}
if(!empty($_GET['page']) and is_numeric($_GET['page'])){
$page = (int)$_GET['page'];
echo "Page Number: ".$page;
}
is_numeric is probably what you need.
You can also check with
isNAN($_GET['something']);//is_numeric($_GET['something'])
it returns a boolean value(true,flase)....if its true then it is not an integer,if false its an integer.
if (isset($_GET['page']) && (($get_page_filtered = filter_var($_GET['page'], FILTER_VALIDATE_INT)) !== FALSE) {
$get_page_int = $get_page_filtered;
}
#see https://stackoverflow.com/a/41868665/6758130
Related
I've been working on a very basic search engine. It basically operates by checking if the word exists. If it does, it returns the link. I know most of you would suggest to create a database from phpMyAdmin but I don't remember the password to make the mySql_Connect command work.
Anyway here is the code:
<?php
session_start();
$searchInput = $_POST['search'];
var_dump($inputPage1);
var_dump($searchİnput);
$inputPage1 = $_SESSION['pOneText'];
$inputPage2 = isset($_SESSION['pTwoText']) ? $_SESSION['pTwoText'] : "";
$inputPage3 = isset($_SESSION['pThreeText']) ? $_SESSION['pThreeText'] : "";
if (strpos($inputPage1, $searchInput)) {
echo "True";
} else {
echo "False";
}
?>
When I search a word, any word from any page, weather it exists or not, it always returns false. Does anyone know why?
From the PHP documentation:
Warning: This function may return Boolean FALSE, but may also return a non-Boolean value which evaluates to FALSE. Please read the section on Booleans for more information. Use the === operator for testing the return value of this function.
So the function returns the integer 0 since $searchInput starts at the first character of $inputPage1. Since it is inside an if condition, that expects a boolean, the integer is then converted to one. When converted to boolean, zero is equal to false so instead the else block is executed.
To fix it, you need to use the !== operator (the not equal equivalent of ===):
if (strpos($inputPage1, $searchInput) !== false) {
//...
Try stripos() to match case insensitive
First print all items in $_POST and $_SESSION using
echo "<pre>";
print_r($_POST);
print_r($_SESSION);
and ensure that the search string really exist in the bigger string .
Also make sure that your are using "false" to compare :
i.e
$pos = strpos($biggerString,$seachString);
if($pos !== false)
{
echo "Not found";
}
I have a URL which i pass parameters into
example/success.php?id=link1
I use php to grab it
$slide = ($_GET["id"]);
then an if statement to display content based on parameter
<?php if($slide == 'link1') { ?>
//content
} ?>
Just need to know in PHP how to say, if the url param exists grab it and do the if function, if it doesn't exist do nothing.
Thanks Guys
Use isset()
$matchFound = (isset($_GET["id"]) && trim($_GET["id"]) == 'link1');
$slide = $matchFound ? trim($_GET["id"]) : '';
EDIT:
This is added for the completeness sake. $_GET in php is a reserved variable that is an associative array. Hence, you could also make use of 'array_key_exists(mixed $key, array $array)'. It will return a boolean that the key is found or not. So, the following also will be okay.
$matchFound = (array_key_exists("id", $_GET)) && trim($_GET["id"]) == 'link1');
$slide = $matchFound ? trim($_GET["id"]) : '';
if(isset($_GET['id']))
{
// Do something
}
You want something like that
Here is the PHP code to check if 'id' parameter exists in the URL or not:
if(isset($_GET['id']))
{
$slide = $_GET['id'] // Getting parameter value inside PHP variable
}
I hope it will help you.
It is not quite clear what function you are talking about and if you need 2 separate branches or one. Assuming one:
Change your first line to
$slide = '';
if (isset($_GET["id"]))
{
$slide = $_GET["id"];
}
I know this is an old question, but since php7.0 you can use the null coalescing operator (another resource).
It similar to the ternary operator, but will behave like isset on the lefthand operand instead of just using its boolean value.
$slide = $_GET["id"] ?? 'fallback';
So if $_GET["id"] is set, it returns the value. If not, it returns the fallback. I found this very helpful for $_POST, $_GET, or any passed parameters, etc
$slide = $_GET["id"] ?? '';
if (trim($slide) == 'link1') ...
Why not just simplify it to if($_GET['id']). It will return true or false depending on status of the parameter's existence.
I have a page like so:
http://sitename/gallery.php?page=2
It has pagination links at the bottom by which we can browse. Everytime the page numbers are clicked, it would send a GET request with parameters page=1 or page=2 and so on ...
When I store these values to $page from teh $_GET variable, it is a string value. I can convert it to an integer using (int) like this:
if(!empty($_GET['page'])){
$page = (int)$_GET['page'];
echo "Page Number: ".$page;
}
But how can I make sure that the value passed is an integer only and not other crap?
Using filters:
if (null !== ($page = filter_input(INPUT_GET, 'page', FILTER_VALIDATE_INT, FILTER_NULL_ON_FAILURE))) {
// $page is now an integer
}
This also checks whether the variable appears in the query string at the same time. If you want to differentiate between missing and invalid you have to leave off the last argument to filter_input():
$page = filter_input(INPUT_GET, 'page', FILTER_VALIDATE_INT);
// $page can be null (not present), false (present but not valid) or a valid integer
Use filter_var() with the FILTER_VALIDATE_INT filter on it, and check the return value.
Use is_numeric().
is_int() will not work because GET parameters are always string.
I've left a few comments here and there. Thanks to weak typing, functions like empty and isset tend to be unreliable. The quickest way to check if a parameter is an int or not IMO would be this:
if (array_key_exists('page',$_GET) && ($_GET['page'] == (int) $_GET['page']))
Casting to int and then compare the respective values will return true only when $_GET['page'] is a valid int. If you want to use strict type comparison for some reason (some do), you could double cast:
if (array_key_exists('page',$_GET) && ($_GET['page'] === (string)((int) $_GET['page'])))
But in this particular case, I can't really see why you would want to do that
this is a way how to check parameter if it is intetger or not.
if (is_int((int) $_GET['user_id']) && (int) $_GET['user_id'] != 0) {
$user_id = $_GET['user_id'];
}
Using is_int won't help, probably. All incoming parameters (including $_GET and $_POST) are parsed as strings by PHP. The is_int function checks the datatype, not the value. ctype_digit checks for only digits though:
if(isset($_GET['page']) && ctype_digit($_GET['page']){
$page = (int)$_GET['page'];
echo "Page Number: ".$page;
}
if(!empty($_GET['page']) and is_numeric($_GET['page'])){
$page = (int)$_GET['page'];
echo "Page Number: ".$page;
}
is_numeric is probably what you need.
You can also check with
isNAN($_GET['something']);//is_numeric($_GET['something'])
it returns a boolean value(true,flase)....if its true then it is not an integer,if false its an integer.
if (isset($_GET['page']) && (($get_page_filtered = filter_var($_GET['page'], FILTER_VALIDATE_INT)) !== FALSE) {
$get_page_int = $get_page_filtered;
}
#see https://stackoverflow.com/a/41868665/6758130
I've moved from HTML to PHP coding, so when I wanted to make a link for my news page I used HREF to take the id for the row as a link and make the title of the piece the viewable/clickable link:
echo "<a href=news.php?id=".$row{'id'};
echo ">";
echo ucwords(strtolower($row{'newstitle'}));
echo "</a>";
So when someone clicks on the title it redirects to the article and the address bar becomes (obviously this is an example):
http://site.com/news.php?id=1
How can I validate that the information after the ? is id=int (it will always be a number) and not some user code or other input that could damage the site? I've looked at ways of Sanitizing/Validating the code, but all the examples I've found have been to do with entering information into forms that are then used in the address rather than simply ensuring the address is valid, hence turning to here for assistance.
Thanks
You should use the filter module:
$id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT);
if ($id === false) {
// not an integer
}
Or you can use ctype_digit() to check if a variable is composed only of decimal digits:
if (ctype_digit($_GET['id'])) {
// it's an integer
} else {
// not an integer
}
Or shorter:
ctype_digit($_GET['id']) or die("oops that's not an integer!");
But die or exit would make your code less testable.
is_numeric would work too, but it would return true for any string representation of a number, not only integers.
Try this
<?php
if (is_int($_GET["id"])) {
echo "is integer\n";
} else {
echo "is not an integer\n";
}
?>
If you have excluded 0 as a valid number for your integer id, you can simply do the following:
$id = (int) $_GET['id'];
if (!$id) {
# no number -or- 0 given
} else {
# regardless what have been given, it has been converted at least to some integer.
}
That's by casting. Now $id is always an integer so more safe to use.
However, most often you need to check as well that the number is non-negative:
$id = max(0, $_GET['id']);
The max function does take care of casting $_GET['id'] into an integer. It ensures that the id is 0 or higher in case the provided value was greater than 0. If it was 0 or lower, 0 is the maximum number.
If you then need to actually validate the input more strictly, you can turn it back into a string for comparison reasons:
if ("$id" === $_GET['id'])
{
# Input was done as a string representation of the integer value.
}
Here is my code:
<?php
$id = $_GET["id"];
if (is_int($id) === FALSE) {
header('HTTP/1.1 404 Not Found');
exit('404, page not found');
}
?>
It always enters inside the if.
is_int checks that the data type is an integer, but everything in $_GET will be a string. Therefore, it will always return false.
In a pinch, you could cast to an integer and then check for != 0.
$id = isset($_GET['id']) ? (int) $_GET['id'] : null;
if (!$id) { // === 0 || === null
header('HTTP/1.1 404 Not Found');
exit('404, page not found');
}
But a more robust solution would involve some type of input string validation / filtering, like PHP's built-in filter_input_array().
(Edited post on Oct/13 since it is still receiving upvotes and it was somewhat confusingly worded.)
User input in $_GET array (as well as the other superglobals) all take the form of strings.
is_int checks the type (i.e. string) of the value, not whether it contains integer-like values. For verification that the input is an integer string, I would suggest either something like ctype_digit or an integer filter (FILTER_VALIDATE_INT—this has the benefit of actually changing the value to type integer). Of course you could also typecast it with (int).
From the PHP documentation for is_int:
Note: To test if a variable is a
number or a numeric string (such as
form input, which is always a string),
you must use is_numeric().
Any user input comes in as a string, because PHP has no way to tell what data type you expect the data to be.
Cast it to an integer or use a regex if you want to make sure it's an integer.
<?php
$id = $_GET["id"];
if ((int) $id == 0) {
header('HTTP/1.1 404 Not Found');
exit('404, page not found');
}
?>
Try using is_numeric instead of is_int. is_numeric checks to see if it is given something that can be a number ($_GET returns strings I think). is_int checks to see if the variable is of type int
Use is_numeric() to evaluate the content and is_int() to evaluate the type.
Or, you could just use a regex match to check if the string is an integer.
if(preg_match('/^\d+$/',$_GET['id'])) {
// is an integer
}