Author |
Message |
Donovan
Client
Joined: Oct 07, 2003
Posts: 735
Location: Ohio
|
Posted:
Thu Nov 29, 2007 9:28 am |
|
Is there any preferred way to validate decimal values before writing them to the db?
Currently I have..
$irat_wt = $_POST['irat_wt'];
$grat_wt = $_POST['grat_wt'];
$appex_wt = $_POST['appex_wt'];
but all _POST values are a string aren't they?
These variable will hold the values of what weights of test results for different exam.
irat = individual readiness test
grat = group readiness test
appex = application exercise
Right now they are all data type decimal (3,2).
They will vote at the beginning of each year and decide how much the irat, grat, and appex is worth to their overall grade.
I was using values such as irat = 0.20, grat = 0.40, appex = 0.40
If I edit these values I want to ensure I validate the data before I update the table.
I guess I can decrease the length of the data type to 2,2 so I only have values such as .20 and .40.
Will intval() suffice? |
|
|
|
|
gotcha
Regular
Joined: Mar 14, 2005
Posts: 91
|
Posted:
Thu Nov 29, 2007 10:06 am |
|
intval will turn it into a whole number, removing the decimal point. I think the function you want to look at is number_format(). |
|
|
|
|
evaders99
Former Moderator in Good Standing
Joined: Apr 30, 2004
Posts: 3221
|
Posted:
Thu Nov 29, 2007 2:04 pm |
|
|
|
|
montego
Site Admin
Joined: Aug 29, 2004
Posts: 9457
Location: Arizona
|
Posted:
Fri Nov 30, 2007 10:08 pm |
|
Raven tends to recommend the PHP ctype functions. Some reasons why:
"It should be noted that ctype functions are always preferred over regular expressions, and even to some equivalent str_* and is_* functions. This is because of the fact that ctype uses a native C library and thus processes significantly faster."
I could have sworn too that they are "rock solid", but I cannot recall the reference. |
_________________ Where Do YOU Stand?
HTML Newsletter::ShortLinks::Mailer::Downloads and more... |
|
|
|
Gremmie
Former Moderator in Good Standing
Joined: Apr 06, 2006
Posts: 2415
Location: Iowa, USA
|
Posted:
Fri Nov 30, 2007 10:19 pm |
|
Unfortunately there is no ctype function for floating point numbers.
If you are trying to prevent SQL injection and you know the value should be a float, I would use floatval() like evaders suggests. That will turn the string into a float, or 0 if it isn't a float. Then you could use sprintf to format it the way you want for the SQL query.
Code:
$x = sprintf('%5.2f', floatval($x));
$sql = "UPDATE ........... SET something = $x";
|
|
_________________ GCalendar - An Event Calendar for PHP-Nuke
Member_Map - A Google Maps Nuke Module |
|
|
|
montego
|
Posted:
Sat Dec 01, 2007 9:07 am |
|
Ah, yes, sorry. That is a bummer |
|
|
|
|
|