php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #41105 FILTER_FLAG_ALLOW_{HEX,OCTAL} do nothing
Submitted: 2007-04-16 15:53 UTC Modified: 2007-04-16 16:18 UTC
From: dohpaz at gmail dot com Assigned:
Status: Not a bug Package: Filter related
PHP Version: 5.2.1 OS: Linux 2.6.18.1
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: dohpaz at gmail dot com
New email:
PHP Version: OS:

 

 [2007-04-16 15:53 UTC] dohpaz at gmail dot com 
Description:
------------
The problem I am facing is that filter_var(), coupled with FILTER_FLAG_ALLOW_{HEX,OCTAL} flags, is not working as I would expect. I would expect that using either of those flags would only allow their respective notations. Instead, they pretty much do nothing. I can call filter_var() using the FILTER_VALIDATE_INT, and any combination of filter flags, and get the same exact results each time. This is deomonstrated below:

1. filter_var(42, FILTER_VALIDATE_INT): int(42) (Expected integer value 42)
2. filter_var(42, FILTER_VALIDATE_INT, FILTER_FLAG_ALLOW_HEX): int(42) (Expected boolean value FALSE)
3. filter_var(0x42, FILTER_VALIDATE_INT, FILTER_FLAG_ALLOW_HEX): int(66) (Expected integer value 66)
4. filter_var(0x42, FILTER_VALIDATE_INT, FILTER_FLAG_ALLOW_OCTAL): int(66) (Expected boolean value FALSE)

So I guess my question is, what is the point of having these seperate flags that seemingly do nothing? Maybe this is a lack of _GOOD_ documentation in the PHP manual, but I would expect to be able to use filter_var() to distinguish between numbers using different bases. Afterall, 42 is not the same as 0x42, or 042.

Finally, why is filter_var() just limited to three base systems? Wouldn't it make much more sense for there to be an option, perhaps called 'base', that would allow any arbitrary base (2, 13, 8, 16, etc) and validate the input on that? 

Reproduce code:
---------------
1. <?php var_dump(filter_var(42, FILTER_VALIDATE_INT)); ?>
2. <?php var_dump(filter_var(42, FILTER_VALIDATE_INT, FILTER_FLAG_ALLOW_HEX)); ?>
3. <?php var_dump(filter_var(0x42, FILTER_VALIDATE_INT, FILTER_FLAG_ALLOW_HEX)); ?>
4. <?php var_dump(filter_var(0x42, FILTER_VALIDATE_INT, FILTER_FLAG_ALLOW_OCTAL)); ?>


Expected result:
----------------
1. 42 (as expected)
2. FALSE (got 42 instead)
3. 66 (as expected)
4. FALSE (got 66 instead)

Actual result:
--------------
1. 42
2. 42
3. 66
4. 66

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2007-04-16 16:06 UTC] tony2001@php.net 
0x42 is already parsed by PHP itself and it's apparently equal to 66.
"0x42" is what you need to use.
 [2007-04-16 16:18 UTC] dohpaz at gmail dot com 
Ok, that makes more sense. However, if I try to do an identical comparison (===) between what filter_var() returns and my original value, I get false. 

<?php
    var_dump(filter_var("0x42", FILTER_VALIDATE_INT, FILTER_FLAG_ALLOW_HEX) === "0x42");
?>

Since most other validations return the original content as a success, I would expect the same in this case also. Advise if I should open a new ticket for this scenario or not.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Thu Apr 18 07:01:27 2024 UTC