Two days ago someone used SQL injection through a PHP page to submit fake Flash game scores on a friend's website. When I looked into it, the cause was a single parameter that was never checked to be numeric.
Saving a score was originally done through a URL of the form game.php?ac=save&fgid=1. The PHP page used fgid directly, without any filtering, and people discovered that appending a letter to the value (fgid=1a) was enough to make the script do things it should not.
Suppose there is a game in the gamelist table with an fgid of 102. The page ends up running one of these two queries, depending on what the visitor typed:
    select gname from gamelist where fgid='102';
    select gname from gamelist where fgid='102a';
Both queries return the game name gname (if fgid is an integer column, MySQL converts the string '102a' to 102 for the comparison and only raises a warning). The fact that fgid=1a "works" is the tell-tale sign that the parameter reaches the query unchanged, and an attacker who can put a letter in there can put a quote and further SQL in there too. That is the opening many people used.
Validate key parameters before using them, for example with a regular expression that allows digits only:
    // \d+ rather than \d*, so the empty string is rejected as well
    if (preg_match('/^\d+$/', $fgid)) echo('is a number');
    else echo('not a number');
Or use a built-in function:
    if (is_numeric($fgid)) echo('is a number');
    else echo('not a number');
A method seen online for forcing an ID to be a number:
    // remove everything except digits and a minus sign, then cast to int; defaults to 1 when empty
    $cid = empty($cid) ? 1 : intval(preg_replace('/[^-\d]+/', '', $cid));
The difference between the first two methods is that is_numeric also treats decimals as numbers (and accepts a sign, exponent notation such as "1e3", and leading whitespace), while the regular expression treats a decimal point, or anything else that is not a digit, as an ordinary character and rejects the value. For an integer ID the regular expression is the stricter choice. The third method repairs the input instead of rejecting it: an injection attempt like "1 or 1=1" is squashed into "111", which is safe for the query but silently changes the request, and because empty('0') is true in PHP an ID of 0 becomes 1. Rejecting malformed input, and then casting to int, is the more predictable approach.
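The following script is an added example, not code from the original post. It puts the unfiltered fgid handling described above next to three integer-ID checks (the post's regex and is_numeric, plus ctype_digit, which the post does not mention), runs them over a constructed set of inputs so the differences are visible, and finishes with a prepared-statement version of the gamelist query. It also goes a step beyond the post in one place: the D modifier on the regex, because in PCRE a bare $ also matches just before a trailing newline, so "102\n" would otherwise pass a /^\d+$/ check. The table and column names come from the post; the PDO connection string is assumed.

```php
<?php
// Added example (not from the original post). Table "gamelist" and columns
// "fgid"/"gname" come from the post; the PDO DSN below is an assumption.
declare(strict_types=1);

// VULNERABLE, the pattern the post describes: the raw query-string value is
// pasted straight into SQL, so "102a" is accepted, and so is "1' or '1'='1".
function build_query_unsafe(string $fgid): string
{
    return "select gname from gamelist where fgid='$fgid'";
}

// Three candidate answers to "is this a decimal integer ID?"
function is_int_id_regex(string $v): bool
{
    // \d+ (not \d*) rejects the empty string; the D modifier makes $ match
    // only at the very end of the subject, so "102\n" is rejected too.
    return preg_match('/^\d+$/D', $v) === 1;
}

function is_int_id_ctype(string $v): bool
{
    // ASCII digits only: rejects "", "1.5", "1e3", "-1", " 12", "102\n".
    return ctype_digit($v);
}

function is_int_id_numeric(string $v): bool
{
    // Too loose for an ID: accepts "1.5", "1e3", "-1" and leading whitespace.
    return is_numeric($v);
}

// Run all three checks over a constructed input set and return the results
// as rows, so the behaviour differences can be compared side by side.
function compare_checks(): array
{
    $inputs = ['102', '102a', '', '1.5', '1e3', '-1', ' 12', "102\n", "1' or '1'='1"];
    $rows = [];
    foreach ($inputs as $in) {
        $rows[] = [
            'input'   => $in,
            'regex'   => is_int_id_regex($in),
            'ctype'   => is_int_id_ctype($in),
            'numeric' => is_int_id_numeric($in),
        ];
    }
    return $rows;
}

// HARDENED: reject anything that is not a plain integer, cast it, and bind it
// as a parameter instead of interpolating it into the SQL text.
function fetch_game_name(PDO $db, string $fgid): ?string
{
    if (!is_int_id_regex($fgid)) {
        return null;                       // reject; do not try to "repair" the value
    }
    $stmt = $db->prepare('SELECT gname FROM gamelist WHERE fgid = :fgid');
    $stmt->bindValue(':fgid', (int) $fgid, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row['gname'];
}

// Stand-alone run: print the comparison table. fetch_game_name() needs a live
// connection, e.g. new PDO('mysql:host=localhost;dbname=games', $user, $pass).
foreach (compare_checks() as $r) {
    printf("%-18s regex=%-5s ctype=%-5s is_numeric=%s\n",
        json_encode($r['input']),
        var_export($r['regex'], true),
        var_export($r['ctype'], true),
        var_export($r['numeric'], true));
}
```

Running it shows the regex and ctype_digit agreeing on every input while is_numeric also lets through "1.5", "1e3", "-1" and " 12"; none of the three accepts "102a" or the quote payload. The prepared statement is what makes the query safe regardless; the validation in front of it is there so that a malformed ID produces a clean rejection instead of a query for a game that does not exist.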
Some commonly used regular expressions:
Number: ^[0-9]*$
n-digit number: ^\d{n}$
At least n digits: ^\d{n,}$
m to n digits: ^\d{m,n}$
Number that is either zero or does not start with zero: ^(0|[1-9][0-9]*)$
Positive real number with two decimal places: ^[0-9]+(\.[0-9]{2})?$
Positive real number with 1-3 decimal places: ^[0-9]+(\.[0-9]{1,3})?$
Non-zero positive integer: ^\+?[1-9][0-9]*$
Non-zero negative integer: ^-[1-9][0-9]*$
Non-negative integer (positive integer or 0): ^\d+$
Non-positive integer (negative integer or 0): ^((-\d+)|(0+))$
Exactly 3 characters: ^.{3}$
String of the 26 English letters: ^[A-Za-z]+$
String of the 26 uppercase English letters: ^[A-Z]+$
String of the 26 lowercase English letters: ^[a-z]+$
String of digits and the 26 English letters: ^[A-Za-z0-9]+$
String of digits, the 26 English letters or underscores: ^\w+$
User password: ^[a-zA-Z]\w{5,17}$  Accepted format: starts with a letter, 6-18 characters long, letters, digits and underscores only. (This checks format, not strength; restricting passwords to \w also rules out stronger ones.)
String containing none of the characters ^%&',;=?$": [^%&',;=?$\x22]+
Chinese characters: ^[\u4e00-\u9fa5]{0,}$  (in PHP's PCRE this is written /^[\x{4e00}-\x{9fa5}]+$/u)
Email address: ^\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*$
Internet URL: ^http://([\w-]+\.)+[\w-]+(/[\w-./?%&=]*)?$ ; ^[a-zA-Z]+://(\w+(-\w+)*)(\.(\w+(-\w+)*))*(\?\S*)?$
Phone number: ^(\(\d{3,4}\)|\d{3,4}-)?\d{7,8}$  Accepted formats: XXXX-XXXXXXX, XXXX-XXXXXXXX, XXX-XXXXXXX, XXX-XXXXXXXX, XXXXXXX, XXXXXXXX, or the same with the area code in parentheses.
ID card number (15 or 18 digits): ^(\d{15}|\d{18})$  (the alternation must be grouped; ^\d{15}|\d{18}$ would also accept "123456789012345abc". A real 18-digit PRC ID may also end in X, which this pattern does not allow.)
Months of the year: ^(0?[1-9]|1[0-2])$  Accepted: "01"-"09" and "1"-"12"
Days of the month: ^((0?[1-9])|((1|2)[0-9])|30|31)$  Accepted: "01"-"09" and "1"-"31"
Integer: ^-?\d+$
Non-negative floating point number (positive float or 0): ^\d+(\.\d+)?$
Positive floating point number: ^(([0-9]+\.[0-9]*[1-9][0-9]*)|([0-9]*[1-9][0-9]*\.[0-9]+)|([0-9]*[1-9][0-9]*))$
Non-positive floating point number (negative float or 0): ^((-\d+(\.\d+)?)|(0+(\.0+)?))$
Negative floating point number: ^(-(([0-9]+\.[0-9]*[1-9][0-9]*)|([0-9]*[1-9][0-9]*\.[0-9]+)|([0-9]*[1-9][0-9]*)))$
Floating point number: ^(-?\d+)(\.\d+)?$
When using any of these anchored patterns in PHP, remember that $ also matches before a trailing newline; add the D modifier (or use \z) if a value like "123\n" must be rejected.