php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #41105 FILTER_FLAG_ALLOW_{HEX,OCTAL} do nothing
Submitted: 2007-04-16 15:53 UTC Modified: 2007-04-16 16:18 UTC
From: dohpaz at gmail dot com Assigned:
Status: Not a bug Package: Filter related
PHP Version: 5.2.1 OS: Linux 2.6.18.1
Private report: No CVE-ID: None
 [2007-04-16 15:53 UTC] dohpaz at gmail dot com
Description:
------------
The problem I am facing is that filter_var(), coupled with FILTER_FLAG_ALLOW_{HEX,OCTAL} flags, is not working as I would expect. I would expect that using either of those flags would only allow their respective notations. Instead, they pretty much do nothing. I can call filter_var() using the FILTER_VALIDATE_INT, and any combination of filter flags, and get the same exact results each time. This is deomonstrated below:

1. filter_var(42, FILTER_VALIDATE_INT): int(42) (Expected integer value 42)
2. filter_var(42, FILTER_VALIDATE_INT, FILTER_FLAG_ALLOW_HEX): int(42) (Expected boolean value FALSE)
3. filter_var(0x42, FILTER_VALIDATE_INT, FILTER_FLAG_ALLOW_HEX): int(66) (Expected integer value 66)
4. filter_var(0x42, FILTER_VALIDATE_INT, FILTER_FLAG_ALLOW_OCTAL): int(66) (Expected boolean value FALSE)

So I guess my question is, what is the point of having these seperate flags that seemingly do nothing? Maybe this is a lack of _GOOD_ documentation in the PHP manual, but I would expect to be able to use filter_var() to distinguish between numbers using different bases. Afterall, 42 is not the same as 0x42, or 042.

Finally, why is filter_var() just limited to three base systems? Wouldn't it make much more sense for there to be an option, perhaps called 'base', that would allow any arbitrary base (2, 13, 8, 16, etc) and validate the input on that? 

Reproduce code:
---------------
1. <?php var_dump(filter_var(42, FILTER_VALIDATE_INT)); ?>
2. <?php var_dump(filter_var(42, FILTER_VALIDATE_INT, FILTER_FLAG_ALLOW_HEX)); ?>
3. <?php var_dump(filter_var(0x42, FILTER_VALIDATE_INT, FILTER_FLAG_ALLOW_HEX)); ?>
4. <?php var_dump(filter_var(0x42, FILTER_VALIDATE_INT, FILTER_FLAG_ALLOW_OCTAL)); ?>


Expected result:
----------------
1. 42 (as expected)
2. FALSE (got 42 instead)
3. 66 (as expected)
4. FALSE (got 66 instead)

Actual result:
--------------
1. 42
2. 42
3. 66
4. 66

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2007-04-16 16:06 UTC] tony2001@php.net
0x42 is already parsed by PHP itself and it's apparently equal to 66.
"0x42" is what you need to use.
 [2007-04-16 16:18 UTC] dohpaz at gmail dot com
Ok, that makes more sense. However, if I try to do an identical comparison (===) between what filter_var() returns and my original value, I get false. 

<?php
    var_dump(filter_var("0x42", FILTER_VALIDATE_INT, FILTER_FLAG_ALLOW_HEX) === "0x42");
?>

Since most other validations return the original content as a success, I would expect the same in this case also. Advise if I should open a new ticket for this scenario or not.
 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Sun Nov 28 03:03:14 2021 UTC