Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

PHP Santizing/Validating Array of Integers

I have the following array and would like to know what the best way would be of validating and santizing this array to make sure only integers are allowed?

if(is_array($_POST['taxonomy'])) {
    $term_ids = array_map('esc_attr', $_POST['taxonomy']);
}

Which looks like this when printed:

Array
(
    [0] => 13
    [1] => 12
)

I know the esc_attr isn't very secure so would like something a bit more beefed up.

Any help would be great.

Cheers,

Dave

like image 936
daveaspinall Avatar asked Oct 07 '11 07:10

daveaspinall


2 Answers

Since it's $_POST data, you'll want to check for ctype_digit (i.e. a string containing only digits):

$sanitizedValues = array_filter($_POST['taxonomy'], 'ctype_digit');

Note that this simply discards non-numeric values.

like image 168
deceze Avatar answered Nov 15 '22 17:11

deceze


An alternative would be using phps filter functions:

$array = array(
  13, 12, '1', 'a'
);

$result = filter_var($array, FILTER_VALIDATE_INT, array(
  'flags'   => FILTER_REQUIRE_ARRAY,
  'options' => array('min_range' => 1)
));

var_dump($result);

/*
array(4) {
  [0]=>
  int(13)
  [1]=>
  int(12)
  [2]=>
  int(1)
  [3]=>
  bool(false)
}
*/
like image 33
Yoshi Avatar answered Nov 15 '22 17:11

Yoshi