Quote:
Originally Posted by quantumkangaroo
... just validating user input is very easy ...
Thanks for the write-up, I just have a couple of things to point out. When accepting user input from the superglobals like $_GET/POST, the variable will always be a string, always.
PHP Code:
<?php
// URI: mypage.php?test=moo&foo=123.45&bar=false
/*
dumping the $_GET variable will tell us:
array(3) {
    ["test"] => string(3) "moo"
    ["foo"] => string(6) "123.45"
    ["bar"] => string(5) "false"
}
*/
var_dump($_GET);
So be careful about using the is_* functions mentioned above blindly on user input as they might not behave precisely how you expect. For example, from the sample above, $_GET['foo'] is not a float and $_GET['bar'] is not boolean.
Also, the information provided about is_bool is incorrect. The function checks the data type of the variable so only $bool would return TRUE, the others would all return FALSE (go check for yourself).
It is also worth mentioning that is_numeric checks whether the variable is a number or a numeric string. For example, the following are all numeric but you might not want to allow them: "0123", "0xFF", "+123.4567e8".
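An added example, not part of the original post: the is_* type checks discussed above run against string input, next to content validation with filter_var(). The $input array is constructed to mirror the sample URI plus the three numeric strings, and typed_input() is a hypothetical helper.

```php
<?php
// Constructed sample standing in for $_GET: every value is a string.
$input = [
    'test' => 'moo',
    'foo'  => '123.45',
    'bar'  => 'false',
    'n1'   => '0123',
    'n2'   => '0xFF',
    'n3'   => '+123.4567e8',
];

/**
 * Hypothetical helper: validate one field against an expected kind and
 * return the typed value, or null when the string does not qualify.
 */
function typed_input(array $src, string $key, string $kind)
{
    if (!isset($src[$key]) || !is_string($src[$key])) {
        return null; // missing, or not a plain string
    }
    $raw = $src[$key];
    switch ($kind) {
        case 'int':
            // Default flags: decimal only, no leading zeros, hex or exponent forms.
            $v = filter_var($raw, FILTER_VALIDATE_INT);
            return $v === false ? null : $v;
        case 'float':
            $v = filter_var($raw, FILTER_VALIDATE_FLOAT);
            return $v === false ? null : $v;
        case 'bool':
            // NULL_ON_FAILURE separates a real "false" from an invalid value.
            return filter_var($raw, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);
        default:
            throw new InvalidArgumentException("unknown kind: $kind");
    }
}

// Type checks on the raw strings versus validation of their content.
foreach ($input as $key => $raw) {
    printf("%-5s %-14s is_float=%s is_bool=%s is_numeric=%s\n", $key, var_export($raw, true),
        var_export(is_float($raw), true), var_export(is_bool($raw), true),
        var_export(is_numeric($raw), true));
    foreach (['int', 'float', 'bool'] as $kind) {
        printf("      as %-5s => %s\n", $kind, var_export(typed_input($input, $key, $kind), true));
    }
}
```

Run it on the PHP version you deploy: is_numeric() treats hex-looking strings differently in PHP 5 than in PHP 7 and later.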