php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #57352 FILTER_VALIDATE_INT returns wrong value
Submitted: 2006-11-07 08:54 UTC Modified: 2015-01-09 00:33 UTC
From: troehr@php.net Assigned: pajoye (profile)
Status: Closed Package: filter (PECL)
PHP Version: 5_2 CVS-2006-11-07 OS: Win XP
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: troehr@php.net
New email:
PHP Version: OS:

 

 [2006-11-07 08:54 UTC] troehr@php.net
Description:
------------
Revision: 1.52.2.25 of filter extension with PHP 5.2.0:

Using filter_var() etc. with FILTER_VALIDATE_INT returns wrong value instead of false.

Reproduce code:
---------------
var_dump(filter_var('2147483648', FILTER_VALIDATE_INT));
var_dump(filter_var('-2147483649', FILTER_VALIDATE_INT));

Expected result:
----------------
bool(false)
bool(false)

Actual result:
--------------
int(-2147483648)
int(2147483647)

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2006-11-09 12:46 UTC] ilia at prohost dot org
Both are valid numeric values, where is the problem?
 [2006-11-10 05:37 UTC] troehr@php.net
Sure, but it does not tell me whether the specified numeric value is a valid INTEGER. I thought that is what FILTER_VALIDATE_INT is supposed to do!?!

Returning -2147483648 when validating 2147483648 does not seem correct to me.

How can I safely check that a value is theoretically a valid integer so that I can safely cast it to int?
 [2006-11-10 07:33 UTC] pierre dot php at gmail dot com
It is the visual representation of the number or suffering 32bit signed interger limits.

We may clamp it to the max/min integer but it will be equally wrong (but this time both internally than visually). (int)"2147483648" or (int)"-2147483649" both returns: 2147483647 using php directly.

I'm unsure about the best choice, make large numbers invalid may be another solution (and safer). Ilia, what's your preference?
 [2006-11-10 09:04 UTC] troehr@php.net
What about adding FILTER_VALIDATE_NUM for "unlimited" numbers and make FILTER_VALIDATE_INT return false if the int boundaries are exceeded?
 [2006-11-10 10:17 UTC] pierre dot php at gmail dot com
Documentation problem, I will add the overflow behaviors to the filter extension, it is documented elsewhere as well but having in the filter doc will minimize the wtf factor.
 [2013-10-26 18:06 UTC] cmbecker69 at gmx dot de
This bug has been fixed already since PHP 5.2.14 and PHP 5.3.3[1];
values that overflow return false now.

[1] <http://3v4l.org/nuEB8>
 [2015-01-09 00:33 UTC] ajf@php.net
-Status: Assigned +Status: Closed
 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Tue Jul 23 16:01:26 2019 UTC