WebApp Sec mailing list archives
Re: PHP variable sanitization functions
From: Jan Pieter Kunst <jpk () akamail com>
Date: Tue, 26 Aug 2003 20:02:21 +0200
Something like this (warning! untested code!) might be useful:
function sane_integer($val, $min, $max)
{
if (!preg_match('/^-?[0-9]+$/', $val))
return false;
if (($val < $min) or ($val > $max))
return false;
return true;
}
Maybe this one would be faster? As it doesn't use the regular expression engine.
function sane_integer($val, $min, $max)
{
if (!is_numeric($val))
return false;
if (($val < $min) or ($val > $max))
return false;
return true;
}
JP
Current thread:
- PHP variable sanitization functions Gavin Zuchlinski (Aug 24)
- Re: PHP variable sanitization functions Liam Quinn (Aug 24)
- Re: PHP variable sanitization functions Jamie Pratt (Aug 25)
- Re: PHP variable sanitization functions Gavin Zuchlinski (Aug 25)
- <Possible follow-ups>
- Re: PHP variable sanitization functions Ulf Harnhammar (Aug 26)
- Re: PHP variable sanitization functions Jan Pieter Kunst (Aug 26)
- Re: PHP variable sanitization functions Cameron Green (Aug 26)
- Re: PHP variable sanitization functions Jan Pieter Kunst (Aug 27)
- Re: PHP variable sanitization functions Cameron Green (Aug 27)
- Re: PHP variable sanitization functions Gavin Zuchlinski (Aug 28)
- Re: PHP variable sanitization functions Jean-Jacques Halans (Aug 29)
- Looking for coder.htm / ASCII encoder n30 (Aug 29)
- Re: PHP variable sanitization functions Jan Pieter Kunst (Aug 26)
- Re: PHP variable sanitization functions Liam Quinn (Aug 24)
- Re: PHP variable sanitization functions Tim Tompkins (Aug 29)