adrianmak Posted April 15, 2016

I could only find pageName in the API doc: http://processwire.com/api/variables/sanitizer/

arjen Posted April 15, 2016

How about:

    $pageID = $sanitizer->int($id);

or

    $pageID = (int) $id;

horst Posted April 15, 2016

$sanitizer->int() or PHP natives (int) or intval() will do. Looking things up in tools like API-gen, maintained (always with the newest codebase) by Kongondo, is much faster than asking (such simple code/method-related things) in the forums. I highly suggest using this. It will save you a lot of time that you would otherwise spend waiting until someone else answers your questions.

---

EDIT: Oh damn, @arjen beat me while I made the screenshot!

LostKobrakai Posted April 15, 2016

Even better is $sanitizer->intUnsigned(), as ids cannot be negative.

DaveP Posted April 15, 2016

> Even better is $sanitizer->intUnsigned() as id's cannot be negative.

Which, in plain vanilla PHP, is

    $pageID = abs(intval($id));

Soma Posted April 15, 2016

Usually like this.

    $id = (int) $input->post->id;
    $p = $pages->get("id=$id, template=dings");
    if($p->id){
        // valid
    } else {
        // not valid
    }

horst Posted April 15, 2016

Soma is right here. It isn't enough to sanitize to an integer; you also need to add some logic of your own that reflects what you are expecting.

LostKobrakai Posted April 15, 2016

intUnsigned() is still better, because you won't hit the db for a possibly invalid id, even though negative values might be a rare edge case.

horst Posted April 15, 2016

> Soma is right here. It isn't enough to sanitize to an integer, you also need to add some own logic, that reflects what you are expecting.

What I meant exactly is: sanitize with intUnsigned() and add some logic of your own (template or equal).

Soma Posted April 15, 2016

If negative is an issue at all, then

    if($id){ ... }

horst Posted April 15, 2016

> If negative is a issue at all then if($id){ ... }

What? Please try:

    foreach(array(-5, -1, 0, 1, 5) as $id) {
        var_dump((bool)$id);
    }

Soma Posted April 15, 2016

Ah yes, right, negative evaluates to true. So then, correcting mine:

    if($id > 0){...}

But I don't see why it would be an issue to have a negative page id; it won't find it anyway.

LostKobrakai Posted April 15, 2016

It's not an issue in terms of security, but rather a (probably small) performance consideration. It just prevents an unnecessary MySQL query in case a negative int is supplied.

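The two steps discussed in this thread (reduce the input to a positive integer, then check that the page found is of the expected kind), as an added example that is not from any poster or from ProcessWire itself. It is plain PHP so it runs without ProcessWire: parsePageId(), findPage() and $constructedPages are hypothetical stand-ins for the sanitizing step and for $pages->get("id=$id, template=dings"), and parsePageId() rejects bad input with filter_var() instead of coercing it.

```php
<?php
// Added example: plain PHP only, no ProcessWire bootstrap needed.
// findPage() and $constructedPages are hypothetical stand-ins for
// $pages->get("id=$id, template=dings") from the thread.

$constructedPages = [          // constructed sample data: id => template
    5 => 'dings',
    7 => 'basic-page',
];

/** Return a positive integer id, or null when the input is not one. */
function parsePageId($raw): ?int {
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Second step: the id must exist AND have the expected template. */
function findPage(array $pages, $raw, string $template): ?int {
    $id = parsePageId($raw);
    if ($id === null) {
        return null;           // rejected before any lookup happens
    }
    return (($pages[$id] ?? null) === $template) ? $id : null;
}

// Constructed inputs, as they might arrive in $input->post->id.
$samples = ['5', '-5', '0', '5abc', 'abc', '7', '999', ''];

// Columns: raw input, (int) cast, truthiness of the cast, abs(intval()),
// strict parse result, and the id accepted for template "dings".
printf("%-8s %-6s %-6s %-6s %-8s %s\n", 'raw', '(int)', 'bool', 'abs', 'strict', 'page');
foreach ($samples as $raw) {
    $cast = (int) $raw;
    printf("%-8s %-6d %-6s %-6d %-8s %s\n",
        var_export($raw, true),
        $cast,
        var_export((bool) $cast, true),
        abs(intval($raw)),
        var_export(parsePageId($raw), true),
        var_export(findPage($constructedPages, $raw, 'dings'), true)
    );
}
```

Only '5' is accepted: '7' and '999' are valid integers, but one has the wrong template and the other does not exist, and the remaining inputs never reach the lookup.
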