[wp-hackers] Re: Don't treat a numeric user name as an id.
Scott Merrill
skippy at skippy.net
Fri Dec 16 13:20:50 GMT 2005
Nikolay Bachiyski wrote:
> m at wordpress.org wrote:
>> - if ( is_numeric($id) ) {
>> - $this->data = get_userdata($id);
>> - } else {
>> - $this->data = get_userdatabylogin($id);
>> + if ( ! is_numeric($id) ) {
>> + $name = $id;
>> + $id = 0;
>> }
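Review bot: the added "if ( ! is_numeric($id) )" branch handles only the non-numeric case, so any string that passes is_numeric() stays in $id unchanged, and $name is not assigned on that path in the lines shown. Consider normalising $id to a positive integer right after this block (for instance, rejecting it unless it consists only of digits) and initialising $name before the if, so code after the hunk never sees a negative or float id or an unset $name.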
>
>
> is_numeric tests if the string is numeric, which allows negative or
> float numbers to be used as an id. For example -666.66e8 is a valid
> numeric.
>
> Wouldn't it be better if intval is also used? It returns 0 if the string
> is not a valid integer. We just have to check whether intval($id) is
> greater than zero.
All form submissions are strings, though, so checking a form submitted
integer with is_int() will always return false.
http://us2.php.net/is_int:
"Note: To test if a variable is a number or a numeric string (such as
form input, which is always a string), you must use is_numeric()."
You could use is_numeric(), then strpos a minus sign or a decimal point
to determine whether it's safe to call intval() on the submitted number.
--
skippy at skippy.net | http://skippy.net/
gpg --keyserver pgp.mit.edu --recv-keys 9CFA4B35
506C F8BB 17AE 8A05 0B49 3544 476A 7DEC 9CFA 4B35
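
An added example (not part of the original thread and not WordPress code) of the validation discussed above: it prints how is_numeric() and intval() treat constructed form strings next to a stricter digits-only check. parse_user_id() is a hypothetical helper name; the example goes slightly beyond the thread by also covering exponent forms such as "1e3", which pass is_numeric() without containing a minus sign or decimal point.

```php
<?php
// Added example; parse_user_id() is a hypothetical helper, not WordPress code.

/**
 * Return a positive integer ID from a form-submitted string, or 0 if the
 * string is anything other than a canonical positive decimal integer.
 */
function parse_user_id($raw)
{
    // Form input arrives as a string; refuse arrays, other types and "".
    if (!is_string($raw) || $raw === '') {
        return 0;
    }
    // ctype_digit() passes only when every character is 0-9, which rules out
    // signs, decimal points, exponents, whitespace and hex prefixes.
    if (!ctype_digit($raw)) {
        return 0;
    }
    // Round-trip through int to reject leading zeros and overflowing values.
    $id = (int) $raw;
    if ((string) $id !== $raw) {
        return 0;
    }
    return $id; // "0" round-trips but yields 0, which callers treat as "no valid ID"
}

// Constructed sample inputs, as they would arrive from a form.
$samples = array('42', '-666.66e8', '1e3', '12.0', ' 7', '007', '0', 'admin', '');

printf("%-14s %-12s %-14s %s\n", 'input', 'is_numeric', 'intval', 'parse_user_id');
foreach ($samples as $s) {
    printf(
        "%-14s %-12s %-14s %d\n",
        var_export($s, true),
        is_numeric($s) ? 'true' : 'false',
        intval($s),
        parse_user_id($s)
    );
}
```

Run it with the PHP CLI; the intval() column for exponent strings depends on the PHP version, which is one reason to validate the characters before converting.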