Newsgroups: php.internals
Date: Tue, 12 May 2015 19:55:33 +0100
To: internals@lists.php.net
Subject: Re: [PHP-DEV] is_digits() and digits type
From: rowan.collins@gmail.com (Rowan Collins)

On 12 May 2015 01:56:52 BST, Yasuo Ohgaki wrote:
>To resolve this issue, how about to have
>
>- is_digits() and digits type for digits only inputs (integer like string)
>- is_numeric() and numeric type for float like string

Firstly, these functions already exist; the first is called ctype_digit and works as described, the second has quite a broad definition but is basically the same as you're suggesting.

Secondly, this doesn't solve the problem you are claiming to have, namely validating values which are safe for external uses, because these checks are far too loose. For instance, valid input for a 64-bit signed integer in a database could include:

- any PHP native integer (assuming nobody builds with 128-bit ints!)
- any string consisting of all digits, such that when interpreted as an integer the value won't exceed 2^64-1
- any string consisting of a '-' followed by digits, such that the magnitude of the integer interpretation wouldn't exceed 2^64
- any PHP float with no fractional part, maybe capped to a magnitude less than 2^53 for safety

For an unsigned integer, there's one less string case, and extra checks to the float and int cases to exclude negative values.

This is full data validation, not type checks, and belongs in ext/filter or similar as a suite of filters for different foreign types.

One approach to implement it would be to perform basic pattern validation with is_numeric or a simple regex, promote to a GMP object, and then range check based on the required type.

A "numeric type" would actually just be a piece of metadata attached to the variable saying that this function had been run, since the underlying representation would be unchanged. A bit like Perl's "taint tracking", but much more complicated.

Regards,
--
Rowan Collins
[IMSoP]
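
The pattern check, GMP promotion and range check described in this message, as an added example that is not part of the original post or of PHP's own code. It assumes PHP 7.1+ with ext-gmp; the function name `validate_foreign_int()` and the `'int64'`/`'uint64'` labels are hypothetical, and the bounds used are the two's-complement ranges -2^63..2^63-1 and 0..2^64-1.

```php
<?php
// Added example, not code from the thread. Requires ext-gmp.
// validate_foreign_int() and the 'int64'/'uint64' labels are hypothetical names.

/** Returns the canonical decimal string if $value fits $type, else null. */
function validate_foreign_int($value, string $type): ?string
{
    // Two's-complement bounds of the foreign (e.g. database column) type.
    $ranges = [
        'int64'  => [gmp_neg(gmp_pow(2, 63)), gmp_sub(gmp_pow(2, 63), 1)],
        'uint64' => [gmp_init(0), gmp_sub(gmp_pow(2, 64), 1)],
    ];
    if (!isset($ranges[$type])) {
        throw new InvalidArgumentException("unknown type: $type");
    }
    [$min, $max] = $ranges[$type];

    if (is_int($value)) {
        $n = gmp_init($value);
    } elseif (is_float($value)) {
        // Whole numbers only, below 2^53 where every integer is exactly representable.
        if (!is_finite($value) || floor($value) !== $value || abs($value) >= 2 ** 53) {
            return null;
        }
        $n = gmp_init(sprintf('%.0f', $value), 10);
    } elseif (is_string($value)) {
        // Step 1: strict pattern. is_numeric() alone would also pass "1e5", ".5" and " 42".
        if (!preg_match('/\A-?[0-9]+\z/', $value)) {
            return null;
        }
        // Step 2: promote to arbitrary precision. Base 10 is explicit so "010" is ten, not octal.
        $n = gmp_init($value, 10);
    } else {
        return null;
    }

    // Step 3: range check against the required type.
    if (gmp_cmp($n, $min) < 0 || gmp_cmp($n, $max) > 0) {
        return null;
    }
    return gmp_strval($n);
}

// Constructed sample inputs.
$samples = ['42', '-1', '9223372036854775808', '18446744073709551616', '1e5', "42\n", 3.0, 3.5, 1e300];
foreach ($samples as $s) {
    foreach (['int64', 'uint64'] as $t) {
        printf("%-24s %-6s => %s\n", var_export($s, true), $t, var_export(validate_foreign_int($s, $t), true));
    }
}
```

The pattern is anchored with `\A` and `\z` rather than `^` and `$`, so a value with a trailing newline is rejected instead of being passed through to the external system.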