Fixing Numeric Input

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
timclaason
Forum Commoner
Posts: 77
Joined: Tue Dec 16, 2003 9:06 am
Location: WI

Fixing Numeric Input

Post by timclaason »

How do I deal with users entering a calculation in a text box?

For instance, I'm expecting users to enter a single number (ie 10) and they put a calculation in (2*5).
I want to prevent that from happening

Thanks in advance
User avatar
veridicus
Forum Commoner
Posts: 86
Joined: Fri Feb 23, 2007 9:16 am

Post by veridicus »

Use the is_numeric() function. If it returns true for the value you can accept it.
Mohit_Prog
Forum Commoner
Posts: 26
Joined: Mon Apr 23, 2007 6:10 am

Post by Mohit_Prog »

In the onChange event of a textbox, check value of the textbox with javascript. If a given value is not a number then put alert and take input again.
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Post by timvw »

I think the conclusion is: Do not try to 'fix'.. Simply validate... and leave the fix to the user
Zu
Forum Commoner
Posts: 33
Joined: Wed Dec 06, 2006 4:21 am

Post by Zu »

veridicus wrote:Use the is_numeric() function. If it returns true for the value you can accept it.
Don't be so sure on that. is_numeric() is a very general function in testing for a number.
User avatar
Ollie Saunders
DevNet Master
Posts: 3179
Joined: Tue May 24, 2005 6:01 pm
Location: UK

Post by Ollie Saunders »

You want to write an expression evaluator. In detail what do you want it to be capable of?
The basic principle of something like this is first to tokenize it and then to process the tokens. So "(1 + 3) * 5" becomes array(OpenParenthesis, Integer, OperatorPlus, CloseParenthesis, OperatorMultiply, Integer) you can then use various parsing techniques to perform the calculation, a recursive descendent parser might be of interest.
User avatar
onion2k
Jedi Mod
Posts: 5263
Joined: Tue Dec 21, 2004 5:03 pm
Location: usrlab.com

Post by onion2k »

Mohit_Prog wrote:In the onChange event of a textbox, check value of the textbox with javascript. If a given value is not a number then put alert and take input again.
If a user has JavaScript disabled then it won't work, so you have to check the value on the server anyway. Clientside validation is worthwhile because it improves the user's experience, but you should never rely on it for security or data integrity.
User avatar
onion2k
Jedi Mod
Posts: 5263
Joined: Tue Dec 21, 2004 5:03 pm
Location: usrlab.com

Post by onion2k »

ole wrote:The basic principle of something like this is first to tokenize it and then to process the tokens. So "(1 + 3) * 5" becomes array(OpenParenthesis, Integer, OperatorPlus, CloseParenthesis, OperatorMultiply, Integer) you can then use various parsing techniques to perform the calculation, a recursive descendent parser might be of interest.
You could just eval() it. :twisted:

(NOTE: This is a JOKE. Do NOT eval() incoming data.)
User avatar
Ollie Saunders
DevNet Master
Posts: 3179
Joined: Tue May 24, 2005 6:01 pm
Location: UK

Post by Ollie Saunders »

You could just eval() it. :twisted:

(NOTE: This is a JOKE. Do NOT eval() incoming data.)
Yes, that occurred to me as well. Actually it is not completely impossible. You could tokenize it with token_get_all(), filter with a whitelist the legal tokens, rebuild it, eval. Probably pretty easy actually.
Post Reply