Hi all,

This time i gotten into a critical problem here :(
My host has just upgrade the PHP version from 4.3.1 to 4.4.1

The thing is this, my PHP script suddenly fails to accept any legal values on my server..I am making use of ctype_digit to validate the user's input values.

The following is the testing process that i have taken so far,

1. My script is working fine on my local machine (PHP 4.3.11) and it accepts the legal values

2. Upon uploaded to the server, it fails to accept the same legal value that i have input..is this a PHP version error or server error?? My server runs on PHP 4.4.1

My script looks something like:

if ((!ctype_digit($_POST['houser']) || !ctype_digit($_POST['bankr']) || !ctype_digit($_POST['summonr']) || !ctype_digit($_POST['wallr']) || !ctype_digit($_POST['acrhr']))||($_POST['acrhr']+$_POST['wallr']+$_POST['summonr']+$_POST['bankr']+$_POST['houser']<=0)) {
$ok=0;
} else $ok=1;


FROM php.net:
ctype_digit
(PHP 4 >= 4.0.4, PHP 5)
It should work right :S

Any help is greatly appreciated.
Thank you.

Not sure if this will fix it, but give it a try:

if ((!ctype_digit((string)$_POST['houser']) || !ctype_digit((string)$_POST['bankr']) || !ctype_digit((string)$_POST['summonr']) || !ctype_digit((string)$_POST['wallr']) || !ctype_digit((string)$_POST['acrhr']))||((string)$_POST['acrhr']+(string)$_POST['wallr']+(string)$_POST['summonr']+(string)$_POST['bankr']+(string)$_POST['houser']<=0)) {
$ok=0;
} else $ok=1;

Hi justadollarhostin,

it does not work :crying:

I just found out from php.net that ctype_digit("") will no longer return true. :mad:

Is there any other alternatives to get around this problem?

You can just use regular expressions.

For example, to check if a string contains only digits:


$regex = "|^[0-9]*$|";
if (preg_match($regex,"12345")) { echo 'All numbers'; } else { echo 'Not'; }
if (preg_match($regex,"1323adf3434")) { echo 'All numbers'; } else { echo 'Not'; }

:agree: thanks^^
It helps.

Something like this may work (and may earn the gratitude of your development teammates):$res = extract($_POST);
// Auto-casts to string:
$str = $houser . $bankr . $summonr . $wallr . $acrhr;
// Auto-casts to number:
$num = $houser + $bankr + $summonr + $wallr + $acrhr;
if (!ctype_digit($str) || num <= 0) { // Or use regex
$ok = 0;
} else {
$ok = 1;
}

Use extract with extreme caution as it can lead to the same security problems as register_globals.

Also, in your example, num <= 0 -- this should be $num <= 0

Another way to check if nothing has been input in a string, is to check the trimmed length (of course, if whitespace is important, don't trim the string).

Example:

$string = " ";
echo strlen($string);
echo strlen(trim($string));

There are functions like is_numeric(), is_int(), is_float() etc.
You can use is_numeric() on incoming data (POST and GET), or convert POST/GET data to appropriate type with intval/floatval and format the number with number_format() then check the value with is_int()/is_float().
But since regexp does the job good, no need for complications.

Thanks for the suggestions :rolleyes:

My script only accept whole numbers from the user, but is_int accepts numbers with decimal points...therefore, i uses preg_match for my case^^

I just found out from php.net that ctype_digit("") will no longer return true.
Well, you can still use ctype_digit() as a (possibly faster) alternative to regex with:
$x == "" || ctype_digit($x)