is there any sanitizer for page id ?

[adrianmak]

I could find for pageName only  from api doc

http://processwire.com/api/variables/sanitizer/

[arjen]

How about:

$pageID = $sanitizer->int($id);

or

$pageID = (int) $id;

[horst]

$sanitizer->int() or php natives (int) or intval() will do.

Looking up in tools like API-gen, maintained (with everytime the newest codebase) by Kongondo, is much more faster than asking (such simply code/method related things) in the forums.

I highly suggest to use this. It will save you a lot of time, that you otherwise have to wait until someone other answers your questions.

---

EDIT: Oh damn, - @arjen beats me, while I made the screenshot!

[LostKobrakai]

Even better is $sanitizer->intUnsigned() as id's cannot be negative.

[DaveP]

Even better is $sanitizer->intUnsigned() as id's cannot be negative.

Which, in plain vanilla PHP is

$pageID = abs(intval($id));

[Soma]

Usually like this.

$id = (int) $input->post->id;
$p = $pages->get("id=$id, template=dings");
if($p->id){
    // valid
} else {
   // not valid
}

[horst]

Soma is right here. It isn't enough to sanitize to an integer, you also need to add some own logic, that reflects what you are expecting.

[LostKobrakai]

intUnsigned() is still better, because you won't hit the db for an possibly invalid id, even though negative values might be a rare edgecase.

[horst]

Soma is right here. It isn't enough to sanitize to an integer, you also need to add some own logic, that reflects what you are expecting.

What I exactly meant is: sanitizing with intUnsigned() and add some own logic (template or equal).

[Soma]

If negative is a issue at all then 

if($id){ ... }

[horst]

If negative is a issue at all then 

if($id){ ... }

what?

please try:

foreach(array(-5, -1, 0, 1, 5) as $id) {
    var_dump((bool)$id);
}

[Soma]

Ah yes right, negative evals to true.

So then correcting mine:

if($id > 0){...} 

But don't see why that would be an issue to have a negative page id it won't find it anyway.

[LostKobrakai]

It's not an issue in terms of security, but rather a (probably small) performance consideration. It just prevents an unnecessary mysql query in case a negative int is supplied.