Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.
I'm having some trouble validating an entry to my form. When i enter a valid number such as 3285 i get the first error message ([7]) returned. I can't find anything wrong with my code so if anyone could point me in the right direction it would be appreciated. I have only been doing PHP for 2 weeks so it may be something simple for which i apologise.
if ($POST['extension'] != strval(intval($_POST['extension']))) {
$errors[7] = 'Phone Extension must be a number';
} else {
if (($_POST['extension'] < 3000) || ($_POST['extension'] > 3599)) {
$errors[8] = 'Extension must be between 3000 and 3599';
}
}
Form input is always string so you are passing a string value to intval, which returns 0 (or false). Try using is_numeric() to test if a value from a form is numeric.
<?php
if (!is_numeric($_POST['extension'])) {
$errors[7] = 'Phone Extension must be a number';
} else {
if (($_POST['extension'] < 3000) || ($_POST['extension'] > 3599)) {
$errors[8] = 'Extension must be between 3000 and 3599';
}
}
?>
Hth
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering
Thank you social_experiment the is_numeric function works perfectly. Also thank you for the info about form input always being string this should help me out in the future.