php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #57352 FILTER_VALIDATE_INT returns wrong value
Submitted: 2006-11-07 08:54 UTC Modified: 2015-01-09 00:33 UTC
From: troehr@php.net Assigned: pajoye (profile)
Status: Closed Package: filter (PECL)
PHP Version: 5_2 CVS-2006-11-07 OS: Win XP
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: troehr@php.net
New email:
PHP Version: OS:

 

 [2006-11-07 08:54 UTC] troehr@php.net
Description:
------------
Revision: 1.52.2.25 of filter extension with PHP 5.2.0:

Using filter_var() etc. with FILTER_VALIDATE_INT returns wrong value instead of false.

Reproduce code:
---------------
var_dump(filter_var('2147483648', FILTER_VALIDATE_INT));
var_dump(filter_var('-2147483649', FILTER_VALIDATE_INT));

Expected result:
----------------
bool(false)
bool(false)

Actual result:
--------------
int(-2147483648)
int(2147483647)

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2006-11-09 12:46 UTC] ilia at prohost dot org
Both are valid numeric values, where is the problem?
 [2006-11-10 05:37 UTC] troehr@php.net
Sure, but it does not tell me whether the specified numeric value is a valid INTEGER. I thought that is what FILTER_VALIDATE_INT is supposed to do!?!

Returning -2147483648 when validating 2147483648 does not seem correct to me.

How can I safely check that a value is theoretically a valid integer so that I can safely cast it to int?
 [2006-11-10 07:33 UTC] pierre dot php at gmail dot com
It is the visual representation of the number or suffering 32bit signed interger limits.

We may clamp it to the max/min integer but it will be equally wrong (but this time both internally than visually). (int)"2147483648" or (int)"-2147483649" both returns: 2147483647 using php directly.

I'm unsure about the best choice, make large numbers invalid may be another solution (and safer). Ilia, what's your preference?
 [2006-11-10 09:04 UTC] troehr@php.net
What about adding FILTER_VALIDATE_NUM for "unlimited" numbers and make FILTER_VALIDATE_INT return false if the int boundaries are exceeded?
 [2006-11-10 10:17 UTC] pierre dot php at gmail dot com
Documentation problem, I will add the overflow behaviors to the filter extension, it is documented elsewhere as well but having in the filter doc will minimize the wtf factor.
 [2013-10-26 18:06 UTC] cmbecker69 at gmx dot de
This bug has been fixed already since PHP 5.2.14 and PHP 5.3.3[1];
values that overflow return false now.

[1] <http://3v4l.org/nuEB8>
 [2015-01-09 00:33 UTC] ajf@php.net
-Status: Assigned +Status: Closed
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Dec 05 16:01:30 2024 UTC