-2

I am doing a pagination script and I want to give users the ability to control how many results are shown in one page. I am doing this through the use of a GET variable, like this: example.org/articles.php?count=10. Only problem is that the GET variable must be an integer or the code spits out random errors, some of which contain information that the user should not be seeing.

Here is my code:

// Checks if there is a GET variable (this part works fine)
if (isset($_GET["count"])) {
    if (!empty($_GET["count"])) {
        $page_rows = $_GET["count"];
    } else { 
        $page_rows = $page_rows_default;
    }
} else { 
    $page_rows = $page_rows_default;
}

// checks if the GET variable is an integer
// if not, the offending value is replaced with 0 
// (it doesn't work)
if(is_int($page_rows) == false) {
    $page_rows = 0;
}

From my experimentation my code can tolerate zeros and negative integers, but fails hard when given something like ?count=asdf. I mostly do not want the user to be able to crash the script by injecting random text into the GET variables. How do I get the script to automatically detect non-integer values so that they can be dealt with instead of simply halting the code?

  • Try with is_numeric(). php.net/manual/en/function.is-numeric.php Commented Jun 1, 2015 at 5:45
  • It is irrelevant if the script checks if the value is numeric or not as you are using a GET request that can just be manipulated in the page request. Therefore I can just go into the address bar of my browser and type in example.org/articles.php?count=asdf if I wanted to and get the information you are trying to prevent the users from seeing. You should be using the POST method which will send the request in the HTTP header instead. In regards to pagination, you should use a drop down box with 10, 20, 50, 100, ALL (or something similar) as options. Commented Jun 1, 2015 at 6:08

2 Answers 2

1

You can use is_numeric(). For reference http://php.net/manual/en/function.is-numeric.php


4 Comments

The answer is correct. Downvoters, mention the reason!!
is_numeric checks only if the variable is of any numeric datatype (double, int, ..) and 1.23 isn't an integer, but a double. is_numeric(1.23) would be true.
The question here specifies "automatically detect non-integer values" like ?count=asdf. So is_numeric works.
?count=1.23 would not work with is_numeric(), as "take" mentioned, it just checks for numeric type, not integer.
1

is_numeric() can do the trick for you

if(is_numeric($page_rows))
{
   //your condition 
}
else
{
 //another condition
}
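
An added example, not part of the original question or answers: every $_GET value arrives as a string (or an array), so is_int() is always false for it and is_numeric() accepts values such as 1.23, which is why this sketch validates with filter_var() and FILTER_VALIDATE_INT plus a range instead. The function name page_rows_from_query, the 1..100 bounds and the default of 10 are assumptions made for illustration.

```php
<?php
// Added example (not from the original post). $page_rows_default and the
// 1..100 bounds are assumed values chosen for illustration.
$page_rows_default = 10;

/**
 * Return a validated page size taken from a query-string array.
 * Anything that is not a whole number inside [$min, $max] yields $default.
 */
function page_rows_from_query(array $query, int $default, int $min = 1, int $max = 100): int
{
    if (!isset($query['count']) || !is_string($query['count'])) {
        // Missing parameter, or an array such as ?count[]=5
        return $default;
    }
    // FILTER_VALIDATE_INT returns an int on success and false on failure,
    // so "asdf", "1.23", "1e3" and out-of-range values are all rejected.
    $value = filter_var($query['count'], FILTER_VALIDATE_INT, [
        'options' => ['min_range' => $min, 'max_range' => $max],
    ]);
    return $value === false ? $default : $value;
}

// Constructed sample inputs, standing in for $_GET["count"].
$samples = ['10', 'asdf', '1.23', '1e3', '-5', '0', '100000', '', ['5']];
foreach ($samples as $raw) {
    $rows = page_rows_from_query(['count' => $raw], $page_rows_default);
    // Show what is_int() and is_numeric() report next to the validated result.
    printf(
        "%-10s is_int=%-5s is_numeric=%-5s => page_rows=%d\n",
        json_encode($raw),
        var_export(is_int($raw), true),
        var_export(is_numeric($raw), true),
        $rows
    );
}

// In the page itself:
// $page_rows = page_rows_from_query($_GET, $page_rows_default);
```

Because the result is always an int inside the allowed range, later code that builds the LIMIT clause or computes offsets never sees raw request text, and the error output described in the question is not triggered by this parameter.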
