[wp-hackers] Re: Don't treat a numeric user name as an id.

Scott Merrill skippy at skippy.net
Fri Dec 16 13:20:50 GMT 2005

Nikolay Bachiyski wrote:
> m at wordpress.org wrote:
>> -        if ( is_numeric($id) ) {
>> -            $this->data = get_userdata($id);
>> -        } else {
>> -            $this->data = get_userdatabylogin($id);
>> +        if ( ! is_numeric($id) ) {
>> +            $name = $id;
>> +            $id = 0;
>>          }
> is_numeric tests if the string is numeric, which allows negative or
> float  numbers to be used as an id. For example -666.66e8 is a valid
> numeric.
> Wouldn't it be better if also intval is used. It returns 0 if the string
> is not a valid integer. We just have to check whether intval($id) is
> greater than zero.

All form submissions are strings, though, so checking a form submitted
interger with is_int() will always return false.

"Note:  To test if a variable is a number or a numeric string (such as
form input, which is always a string), you must use is_numeric()."

You could use is_numeric(), then strpos a minus sign or a decimal point
to determine whether its safe to call intval() on the submitted number.

skippy at skippy.net | http://skippy.net/

gpg --keyserver pgp.mit.edu --recv-keys 9CFA4B35
506C F8BB 17AE 8A05 0B49  3544 476A 7DEC 9CFA 4B35

More information about the wp-hackers mailing list