PHP Forms
Validating Form Input: Numbers
Problem
You want to make sure a number is entered in a form input box. For example, you don’t want someone to be able to say that her age is old enough or tangerine, but instead want values such as 13 or 56.
Solution
Example Validating a number with FILTER_VALIDATE_INT
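$age = filter_input(INPUT_POST, 'age', FILTER_VALIDATE_INT);
// filter_input() returns false for an invalid value and null when the
// field was not submitted at all, so reject both
if ($age === false || $age === null) {
    print "Submitted age is invalid.";
}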
Example Validating a number with FILTER_VALIDATE_FLOAT
$price = filter_input(INPUT_POST, 'price', FILTER_VALIDATE_FLOAT);
// false means the value is not a valid float; null means the field is missing
if ($price === false || $price === null) {
    print "Submitted price is invalid.";
}
Discussion
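The FILTER_VALIDATE_INT and FILTER_VALIDATE_FLOAT filters cause filter_input() to return a number of the specified type (int or float) if the input string represents an appropriate number for the filter, or false otherwise. If the named field was not submitted at all, filter_input() returns null instead, so a strict comparison against false alone does not catch a missing field.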
There are a few filter flags that affect these number filters. The FILTER_FLAG_ALLOW_OCTAL flag tells FILTER_VALIDATE_INT to accept octal notation. That is, a submitted string of 017 will cause the integer 15 to be returned. Similarly, the flag FILTER_FLAG_ALLOW_HEX allows a submitted string of 0x2f to be returned as the integer 47.
The FILTER_FLAG_ALLOW_THOUSAND flag modifies the behavior of the FILTER_VALIDATE_FLOAT filter by allowing commas as a thousands separator. Without it, 5,252 will be considered invalid. With it, 5,252 correctly validates as the float 5252.
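The flags above applied to a whole form at once, as an added example that is not part of the original recipe. It uses filter_var_array() on a constructed array in place of $_POST so it runs from the command line; like filter_input(), it reports a field that was not submitted as null rather than false. The field names, the validate_fields() helper and the 0 to 130 age range are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample standing in for $_POST (hypothetical field names).
$submitted = [
    'age'   => 'tangerine',
    'perms' => '017',
    'color' => '0x2f',
    'price' => '5,252',
    // 'quantity' is deliberately absent
];

// One rule per expected field; flags are the ones discussed in the text.
$rules = [
    // min_range/max_range are FILTER_VALIDATE_INT options (range is an assumption)
    'age'      => ['filter'  => FILTER_VALIDATE_INT,
                   'options' => ['min_range' => 0, 'max_range' => 130]],
    'perms'    => ['filter' => FILTER_VALIDATE_INT, 'flags' => FILTER_FLAG_ALLOW_OCTAL],
    'color'    => ['filter' => FILTER_VALIDATE_INT, 'flags' => FILTER_FLAG_ALLOW_HEX],
    'price'    => ['filter' => FILTER_VALIDATE_FLOAT, 'flags' => FILTER_FLAG_ALLOW_THOUSAND],
    'quantity' => FILTER_VALIDATE_INT,
];

// Hypothetical helper: splits the result into typed values and per-field errors.
function validate_fields(array $input, array $rules): array
{
    // Each entry is the typed number, false (invalid) or null (not submitted).
    $values = filter_var_array($input, $rules);
    $clean  = [];
    $errors = [];
    foreach (array_keys($rules) as $name) {
        if ($values[$name] === null) {
            $errors[$name] = 'missing';
        } elseif ($values[$name] === false) {
            $errors[$name] = 'invalid';
        } else {
            $clean[$name] = $values[$name];   // already an int or float
        }
    }
    return [$clean, $errors];
}

[$clean, $errors] = validate_fields($submitted, $rules);
var_dump($clean);    // typed values that passed their filter
var_dump($errors);   // field name => 'missing' or 'invalid'
```

Strict comparisons matter here because a valid submission of 0 is falsy in PHP and would be rejected by a loose `if (!$value)` check.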
If you’re a fan of regular expressions, those can be useful in certain validation situations.
Example Validating numbers with regular expressions
// The pattern matches an optional - sign and then
// at least one digit; the D modifier stops $ from
// also matching just before a trailing newline
if (! preg_match('/^-?\d+$/D', $_POST['rating'])) {
    print 'Your rating must be an integer.';
}
// The pattern matches an optional - sign and then
// optional digits to go before a decimal point
// an optional decimal point
// and then at least one digit
if (! preg_match('/^-?\d*\.?\d+$/D', $_POST['temperature'])) {
    print 'Your temperature must be a number.';
}
It is a common refrain among performance-tuning purists that regular expressions should be avoided because they are comparatively slow. In this case, however, with such simple regular expressions, they are about as efficient as the filter functions. If you’re more comfortable with regular expressions, or you’re using them in other validation contexts as well, they can be a handy choice. The regular expression also allows you to consider valid numbers, such as 782364.238723123, that cannot be stored as a PHP float without losing precision. This can be useful with data such as a longitude or latitude that you plan to store as a string.