Here is my code:
<?php
$id = $_GET["id"];
if (is_int($id) === FALSE) {
header('HTTP/1.1 404 Not Found');
exit('404, page not found');
}
?>
It always enters inside the if.
views:
195answers:
5
+10
A:
You probably want is_numeric() or some other type of input string validation / filtering. (You could cast to an integer and then check for != 0.)
is_int checks that the datatype is an integer, but everything in _GET will be a string.
konforce
2010-06-28 18:29:56
Ran out of upvotes for the day, but this answer actually says the reason why to use is_numeric. Any HTTP request parameter sent by POST or GET will always be a string.
Lotus Notes
2010-06-28 18:33:09
+2
A:
User input in $_GET array (as well as the other superglobals) all take the form of strings.
is_int checks the type (i.e. string) of the value, not whether it contains integer-like values. For verification that the input is an integer string, I would suggest either something like ctype_digit or an integer filter (FILTER_VALIDATE_INT—this has the benefit of actually changing the value to type integer). Of course you could also typecast it with (int).
salathe
2010-06-28 18:31:10
+1
A:
From the PHP documentation for is_int:
Note: To test if a variable is a number or a numeric string (such as form input, which is always a string), you must use is_numeric().
R. Bemrose
2010-06-28 18:31:14
+1
A:
Any user input comes in as a string, because PHP has no way to tell what data type you expect the data to be.
Cast it to an integer or use a regex if you want to make sure it's an integer.
<?php
$id = $_GET["id"];
if ((int) $id == 0) {
header('HTTP/1.1 404 Not Found');
exit('404, page not found');
}
?>
Keith Palmer
2010-06-28 18:31:40
+1
A:
Try using is_numeric instead of is_int. is_numeric checks to see if it is given something that can be a number ($_GET returns strings I think). is_int checks to see if the variable is of type int
Badger
2010-06-28 18:32:02