11

I have the following array and would like to know what the best way would be of validating and sanitizing this array to make sure only integers are allowed?

if(is_array($_POST['taxonomy'])) {
    $term_ids = array_map('esc_attr', $_POST['taxonomy']);
}

Which looks like this when printed:

Array
(
    [0] => 13
    [1] => 12
)

I know the esc_attr isn't very secure so would like something a bit more beefed up.

Any help would be great.

Cheers,

Dave

4
  • Cast them to INTs no matter what... Commented Oct 7, 2011 at 7:48
  • If it was a string I'd just use (int) but is there something similar to use for an array? Thanks for your reply Commented Oct 7, 2011 at 7:50
  • you do that for array values on loop Commented Oct 7, 2011 at 7:51
  • Just cast them and map them to ints. Commented Oct 7, 2011 at 8:03

5 Answers

16

Since it's $_POST data, you'll want to check for ctype_digit (i.e. a string containing only digits):

$sanitizedValues = array_filter($_POST['taxonomy'], 'ctype_digit');

Note that this simply discards non-numeric values.

4 Comments

just tried this and it seems to be working spot on, thanks for everyone else's comments by the way, very helpful! How secure is this though? If someone were to inject something into this array? (We've had a few issues with hacking hence I'm going through all the code and plugging any holes). Cheers
With this you can be sure that $sanitizedValues contains only strings that contain only numbers. Nothing more, nothing less.
Very nice, and very clean. Cheers @deceze and everyone else who posted a reply.
Nice. Exactly what I was looking for. Kudos.
7

An alternative would be using PHP's filter functions:

$array = array(
  13, 12, '1', 'a'
);

$result = filter_var($array, FILTER_VALIDATE_INT, array(
  'flags'   => FILTER_REQUIRE_ARRAY,
  'options' => array('min_range' => 1)
));

var_dump($result);

/*
array(4) {
  [0]=>
  int(13)
  [1]=>
  int(12)
  [2]=>
  int(1)
  [3]=>
  bool(false)
}
*/

4 Comments

Much more verbose but technically more appropriate. +1 :)
Sorry guys, what's the difference between the two?
If it's a single field you're validating, I think it's just a matter of taste. Although if you have a lot of validating the filter functions can save you some work (see filter_input_array for example). And I guess, if you or someone else has to understand what you're doing 3 months later, the filter functions do more clearly show what's happening.
At the moment it's just a single input. I've checked out the filter_input_array and it looks like it's going to be very useful! I'll +1 this answer also, thanks a lot @Yoshi for your help and advice. Every day's a school day :-)
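To make the difference between the two accepted approaches (and the intval answer further down) concrete, here is an added example that is not part of any answer above; the function names and the sample input are my own. It runs the same constructed input through ctype_digit filtering, filter_var validation and intval coercion, and shows why validation that rejects the whole batch is the safer choice for IDs taken from $_POST.

```php
<?php
// Constructed stand-in for $_POST['taxonomy']: the odd values are deliberate
// so that the differences between the three approaches are visible.
$input = ['13', '12', '007', '12abc', 'abc', '', '99999999999999999999'];

// 1. ctype_digit (deceze's answer): keeps all-digit strings and silently drops
//    the rest. Leading zeros and oversized values still pass, so cast before
//    use. The is_string guard avoids ctype_digit's pre-PHP-8.1 behaviour of
//    treating integers as ASCII character codes.
function filterDigits(array $values): array
{
    return array_values(array_filter($values, function ($v) {
        return is_string($v) && ctype_digit($v);
    }));
}

// 2. filter_var + FILTER_REQUIRE_ARRAY (Yoshi's answer): every element is
//    validated as a well-formed integer >= $min, anything else becomes false.
//    Here any failure rejects the whole batch instead of dropping items, so a
//    tampered request is never partially accepted.
function validateIntArray(array $values, int $min = 1): ?array
{
    $result = filter_var($values, FILTER_VALIDATE_INT, [
        'flags'   => FILTER_REQUIRE_ARRAY,
        'options' => ['min_range' => $min],
    ]);
    foreach ($result as $v) {
        if (!is_int($v)) {   // false (invalid) or a nested array: reject
            return null;
        }
    }
    return array_values($result);
}

// 3. intval (the sanitising answer below): never fails, but coerces garbage
//    such as '12abc' -> 12 and 'abc' -> 0, which may address the wrong record.
function coerceInts(array $values): array
{
    return array_map('intval', $values);
}

print_r(filterDigits($input));
var_dump(validateIntArray($input));
var_dump(validateIntArray(['13', '12']));
print_r(coerceInts($input));
```

Only the second function tells the caller that something was wrong; with the other two, '007' and '12abc' either survive as strings or quietly turn into 7 and 12.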
1
if(is_array($_POST['taxonomy'])) {
    $term_ids = array_map('intval', $_POST['taxonomy']);
}

Should do the trick. NOTE: this is sanitation. More: http://php.net/manual/en/function.intval.php

Comments

1
// $array holds the submitted values, e.g. $array = $_POST['taxonomy'];
foreach( $array as $key => $value) {
    $array[$key] = (int) $value;

    // the cast changed the value, so it was not a clean integer
    if( $array[$key] != $value ) {
        // error
    }
}

3 Comments

POST data is never int, it's all strings.
This looks like numbers: Array ( [0] => 13 [1] => 12 )
Yes, but they're strings, not ints.
0

If you are looking for one-liner to check against specified condition you can use:

$onlyIntegers = Arr::check($_POST['taxonomy'], 'ctype_digit');

assuming your $_POST['taxonomy'] can contain numeric strings as @deceze suggested, or just plain:

$onlyIntegers = Arr::check($_POST['taxonomy'], 'is_int');

if you are sure that $_POST['taxonomy'] values should be in fact integers.

Arr::check method is a part of this PHP array library which contains various methods to help you deal with different types of arrays.

Comments
