php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #52884 FILTER_VALIDATE_INT treats float as integer
Submitted: 2010-09-18 21:49 UTC Modified: 2010-09-19 00:25 UTC
From: marcus at t3sec dot info Assigned:
Status: Not a bug Package: Unknown/Other Function
PHP Version: Irrelevant OS: Ubuntu 8.04.4 LTS
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: marcus at t3sec dot info
New email:
PHP Version: OS:

 

 [2010-09-18 21:49 UTC] marcus at t3sec dot info
Description:
------------
PHP's filter extension erroneous validates a float (10.) as integer.

The observed behaviour in filter extension is not consistent to is_int()/is_float() type checks whereas 10. is reported to be float.

In addition, the formal structure of integers *1) does not mention dots to be part of a valid integer.



*1) http://www.php.net/manual/en/language.types.integer.php

Environment:
Server OS: Ubuntu 8.04.4 LTS
PHP package in use: 5.2.4-2ubuntu5.10

Test script:
---------------
$variableToTest = 10.;

echo "This variable type is " . (is_int($variableToTest) ? 'integer' : 'not integer') . "!\n";
echo "This variable type is " . (is_float($variableToTest) ? 'float' : 'not float') . "!\n";

	// validate integer
echo "This variable is considered to be " . ((FALSE !== filter_var($variableToTest, FILTER_VALIDATE_INT)) ? 'integer' : 'not integer') . "!\n";
echo "This variable is considered to be " . ((FALSE !== filter_var((string)$variableToTest, FILTER_VALIDATE_INT)) ? 'integer' : 'not integer') . "!\n";

	// validate float
echo "This variable is considered to be " . ((FALSE !== filter_var($variableToTest, FILTER_VALIDATE_FLOAT)) ? 'float' : 'not float') . "!\n";
echo "This variable is considered to be " . ((FALSE !== filter_var((string)$variableToTest, FILTER_VALIDATE_FLOAT)) ? 'float' : 'not float') . "!\n";

Expected result:
----------------
This variable type is not integer!
This variable type is float!
This variable is considered to be not integer!
This variable is considered to be not integer!
This variable is considered to be float!
This variable is considered to be float!

Actual result:
--------------
This variable type is not integer!
This variable type is float!
This variable is considered to be integer!
This variable is considered to be integer!
This variable is considered to be float!
This variable is considered to be float!

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2010-09-18 22:45 UTC] cataphract@php.net
-Status: Open +Status: Bogus
 [2010-09-18 22:45 UTC] cataphract@php.net
The goal of FILTER_VALIDATE_INT is not to replicate the behavior of is_int.

The filter extension aims to validate and sanitize string values. "(double) 10." is converted to the "10" (following the normal conversion to string rules) and that's what is validated as an integer.

Notice that "10." (string) is not validated as an integer.
 [2010-09-18 23:59 UTC] marcus at t3sec dot info
We're talking about a validation filter here. And I consider 10. not to be an integer.

Could you please present any other variable value that does not follow the structure of an integer (http://www.php.net/manual/en/language.types.integer.php
) but validates as integer in ext/filter?

In addition, why does following piece of code neither validates the variable to test as integer nor as float:

$variableToTest = '0x' . dechex(10) . '.';
$options['flags'] = FILTER_FLAG_ALLOW_HEX;
echo "This variable is considered to be " . ((FALSE !== filter_var($variableToTest, FILTER_VALIDATE_INT, $options)) ? 'integer' : 'not integer') . "!\n";
echo "This variable is considered to be " . ((FALSE !== filter_var($variableToTest, FILTER_VALIDATE_FLOAT, $options)) ? 'float' : 'not float') . "!\n";

If you validate 10. as integer, I would expect you to validate 0xa. as integer too.

Don't take it as offense but I don't care what conversions are done. I'm interested in a reproducible and consistent behaviour.
 [2010-09-19 00:25 UTC] cataphract@php.net
If you want to know whether the type of a variable is an integer, use "is_int".

The purpose of the filter extension is to validate strings such as those coming from a form submission, database (depending on the API) or XML documents. Whether you think this is a good decision or not is irrelevant; that was the design decision that was made.

Again, you are not validating 10. as integer, you are validating "10" as integer because the filter extension validates strings. Numbers with radix points do not pass validation; that includes "0xa." and "10.".
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Mon Jun 17 09:01:30 2024 UTC