...

View Full Version : Fast/Best way to validate string?



nfn
01-14-2008, 04:11 PM
Hi,

I have a string to include into a SQL Query like this:
.... AND catID NOT IN (1,3,5) ...

The variable will have this value:
$var_catid = "1,3,5";
... AND catID NOT IN ('.$var_catid.') ...

How should I validate this string to ensure that all values are numeric and the string will not blow the query?

I already tested with explode and a loop with is_numeric ... it works OK, but I was wondering if this is the best and fastest way to do this.

Thanks

N

oesxyl
01-14-2008, 04:18 PM
Hi,

I have a string to include into a SQL Query like this:
.... AND catID NOT IN (1,3,5) ...

The variable will have this value:
$var_catid = "1,3,5";
... AND catID NOT IN ('.$var_catid.') ...

How should I validate this string to ensure that all values are numeric and the string will not blow the query?

I already tested with explode and a loop with is_numeric ... it works OK, but I was wondering if this is the best and fastest way to do this.

Thanks

N



if(preg_match("/(\d+\s*,)*\d+\s*/",$var_catid)){
...
}


Not tested; you must adjust the regex if I messed it up. Many languages, many regex syntaxes. :)

PS: there must be at least one number.

best regards

aedrin
01-14-2008, 04:23 PM
That wouldn't really ensure that the query doesn't fail.


And CatId IN (2,3,,,,,5***)
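As an added example (not code from the thread), the following PHP shows why the pattern oesxyl posted accepts aedrin's input: without anchors, preg_match succeeds as soon as it finds one digit anywhere in the string. The anchored variant, the helper names and the test inputs are my own.

```php
<?php
// Added example (not code from the thread): why the unanchored pattern posted
// above accepts aedrin's "2,3,,,,,5***". The inputs below are constructed.

// oesxyl's pattern as posted. Without ^ and $, preg_match succeeds as soon as
// it finds a digit anywhere in the string, so the rest is never checked.
const UNANCHORED = '/(\d+\s*,)*\d+\s*/';

// Anchored version: the whole string must be digits separated by single
// commas, optional whitespace around each number, at least one number.
const ANCHORED = '/^\s*\d+\s*(?:,\s*\d+\s*)*$/';

function isIdList(string $pattern, string $input): bool
{
    return preg_match($pattern, $input) === 1;
}

/** Returns input => accepted for a fixed set of constructed inputs. */
function checkInputs(string $pattern): array
{
    $inputs = [
        '1,3,5',
        ' 100 , 200,1000',
        '2,3,,,,,5***',       // aedrin's example
        '1) OR 1=1 --',       // injection attempt, still "contains a digit"
        ',1',
        '',
    ];
    $result = [];
    foreach ($inputs as $in) {
        $result[$in] = isIdList($pattern, $in);
    }
    return $result;
}

foreach (['unanchored' => UNANCHORED, 'anchored' => ANCHORED] as $name => $pattern) {
    echo "$name pattern:\n";
    foreach (checkInputs($pattern) as $in => $accepted) {
        printf("  %-22s %s\n", var_export($in, true), $accepted ? 'accepted' : 'rejected');
    }
}
```

With the unanchored pattern only the empty string is rejected; the anchored one accepts exactly the first two inputs. Even then a regex proves the shape of the string, not the meaning of its parts: the values still need to be cast to integers or bound as parameters before they reach the query.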

oesxyl
01-14-2008, 04:30 PM
That wouldn't really ensure that the query doesn't fail.


And CatId IN (2,3,,,,,5***)

You are right, I missed the range, thank you.



if(preg_match("/([1-5]\s*,)*[1-5]\s*/",$var_catid)){
...
}


EDIT: messed it up again, with +, corrected

best regards

aedrin
01-14-2008, 04:39 PM
I don't think that really changes anything. It has nothing to do with the numbers.

oesxyl
01-14-2008, 04:45 PM
I don't think that really changes anything. It has nothing to do with the numbers.

can you give some details, please?


How should I validate this string to ensure that all values are numeric and the string will not blow the query?
that's the problem, isn't it?

best regards

nfn
01-14-2008, 04:55 PM
Hi,

There is no numeric limit on the values, nor on the string:

('100,200,1000,...,n)


You are right, I missed the range, thank you.



if(preg_match("/([1-5]\s*,)*[1-5]\s*/",$var_catid)){
...
}
EDIT: messed it up again, with +, corrected

best regards

oesxyl
01-14-2008, 05:00 PM
Hi,

There is no numeric limit on the values, nor on the string:

('100,200,1000,...,n)



if(preg_match("/(\d+\s*,)*\d+\s*/",$var_catid)){
...
}


Is this what you need?

EDIT: I only see the big NOT now, sorry :)

Rework :)



// preg_replace is already global in PHP; the JavaScript-style /g modifier is not valid in PCRE
$var_catidre = '/(' . preg_replace("/,/", "|", $var_catid) . ')/';
if(!preg_match($var_catidre,$catid)){
...
}


I hope this time I understood the problem :)

I give up :) I changed it to this, but the first one is correct; the NOT is in the query. It is clear I am having a bad day :)

best regards

aedrin
01-14-2008, 06:04 PM
It depends on the setup, but if the number of IDs is not going to be huge then there is no problem with exploding and casting to integer.

A regular expression can only quickly ensure it contains numbers/commas, but it will be harder to get it to validate the format.

oesxyl
01-14-2008, 06:36 PM
It depends on the setup, but if the number of IDs is not going to be huge then there is no problem with exploding and casting to integer.

A regular expression can only quickly ensure it contains numbers/commas, but it will be harder to get it to validate the format.

The length of the string could be checked before passing it to preg_match, and the number of digits in each number could also be limited, with {6} for example. The regex could be designed for more complicated format constraints, but I agree with you: if the regex becomes more complex it could become a pain, and have the same speed as a foreach. :)

best regards
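An added example, not code from the thread, of the explode-and-cast approach aedrin recommends, with the string-length and digit-count limits oesxyl mentions. The function names (parseIdList, notInClause, demo) and the sample table are my own; it assumes PHP 7.1+ with the pdo_sqlite extension.

```php
<?php
// Added example (not code from the thread): explode the list, validate every
// element strictly, cast to int, and bind the values as placeholders.
// Names (parseIdList, notInClause, demo) and the sample table are mine.
// Assumes PHP 7.1+ with the pdo_sqlite extension.

/**
 * "1, 3,5" -> [1, 3, 5]; null if any element is not a plain non-negative
 * integer. ctype_digit is used instead of is_numeric, because is_numeric
 * also accepts "1.5", "1e3", " 1" and (before PHP 7) "0x1A".
 */
function parseIdList(string $raw, int $maxCount = 500): ?array
{
    $ids = [];
    foreach (explode(',', $raw) as $part) {
        $part = trim($part);
        // Reject empty elements ("2,3,,5"), junk ("5***"), signs and floats;
        // the 9-digit cap keeps the value inside a 32-bit INT column.
        if ($part === '' || !ctype_digit($part) || strlen($part) > 9) {
            return null;
        }
        $ids[] = (int) $part;
    }
    if (count($ids) === 0 || count($ids) > $maxCount) {
        return null;
    }
    return array_values(array_unique($ids));
}

/**
 * Returns [" AND catID NOT IN (?,?,?)", [1, 3, 5]] for a prepared statement.
 * $column must come from code, never from the request: it is interpolated.
 * An empty list yields an empty fragment, because "NOT IN ()" is a syntax
 * error on MySQL and most other engines.
 */
function notInClause(string $column, array $ids): array
{
    if ($ids === []) {
        return ['', []];
    }
    $placeholders = implode(',', array_fill(0, count($ids), '?'));
    return [" AND $column NOT IN ($placeholders)", $ids];
}

/** Runs the query against a constructed in-memory table and returns the ids. */
function demo(string $userInput): array
{
    $ids = parseIdList($userInput);
    if ($ids === null) {
        throw new InvalidArgumentException("rejected id list: $userInput");
    }

    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE items (id INTEGER, catID INTEGER)');
    $ins = $pdo->prepare('INSERT INTO items VALUES (?, ?)');
    foreach ([[1, 1], [2, 2], [3, 3], [4, 4], [5, 5]] as $row) {
        $ins->execute($row);
    }

    [$fragment, $params] = notInClause('catID', $ids);
    $stmt = $pdo->prepare('SELECT id FROM items WHERE 1=1' . $fragment . ' ORDER BY id');
    $stmt->execute($params);
    return array_map('intval', $stmt->fetchAll(PDO::FETCH_COLUMN));
}

print_r(demo('1, 3,5'));          // rows whose catID is not 1, 3 or 5
try {
    demo('2,3,,,,,5***');          // aedrin's input from the thread
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), "\n";
}
```

The first call returns the rows with catID 2 and 4; the second is rejected at the empty element before any SQL is built. Binding the values as placeholders means the query text never contains user data at all, so the validation guards the semantics (a sane list of IDs) rather than the syntax, and a `NOT IN ()` from an empty list is handled explicitly instead of producing a database error.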

nfn
01-14-2008, 08:09 PM
Ok,

I'll stay with the foreach!

Thanks, N


