Good evening. Why does the line $this->request->getQuery('param', 'int', null) with the query ?param=-- return the string --?
Nov '16
```php
$di = new Phalcon\Di\FactoryDefault();
$request = new \Phalcon\Http\Request();
$request->setDI($di);

$_GET["param"] = "--";
var_dump($request->getQuery('param')); // --
var_dump($request->getQuery('param', 'int')); // --
var_dump($request->getQuery('param', 'int!')); // 0

$_GET["param"] = "*(^#%[email protected]&";
var_dump($request->getQuery('param')); // *(^#%[email protected]&
var_dump($request->getQuery('param', 'int')); // 0
var_dump($request->getQuery('param', 'int!')); // 0

// The same inputs passed directly to PHP's sanitize filter
var_dump(filter_var("--", FILTER_SANITIZE_NUMBER_INT)); // --
var_dump(filter_var("*(^#%[email protected]&", FILTER_SANITIZE_NUMBER_INT)); // 0
```
https://docs.phalcon.io/pl/latest/reference/filter.html

int: Remove all characters except digits, plus and minus sign.
Yeah, this is odd if you really want to filter out input to be integer / numeric only. In that case, you'd need to use multiple filters:
```php
$num = (int) $this->filter->sanitize($num, ['myCustomFilter', 'alphanum', 'int']);
```
Source of this custom filter:
```php
// Clean %20 URL-encoded bytes
$filter->add('myCustomFilter', function ($dat = null) {
    return rawurldecode($dat);
});
```
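Added example, not part of the thread or of Phalcon: the posts above show that the `int` filter sanitizes (it strips characters and returns whatever is left), so `--` survives as a string. Where the value must be an integer or be rejected, validating is the stricter check; the sketch below compares both on constructed inputs. `strictInt()` is a hypothetical helper name, and PHP 8.0+ is assumed for the `mixed` type.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (not a Phalcon API): return an int only when the whole
 * raw value is a well-formed integer inside [$min, $max]; otherwise return
 * null so the caller can reject the request instead of guessing a value.
 */
function strictInt(mixed $raw, int $min = PHP_INT_MIN, int $max = PHP_INT_MAX): ?int
{
    // ?param[]=1 arrives as an array; never coerce it to a number.
    if (!is_string($raw) && !is_int($raw)) {
        return null;
    }
    $value = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => $min, 'max_range' => $max],
    ]);
    // FILTER_VALIDATE_INT returns false on failure; 0 is a valid result,
    // so compare with === rather than testing truthiness.
    return $value === false ? null : $value;
}

// Constructed sample inputs, as they could arrive in $_GET['param'].
$samples = ['42', '-7', '--', '+-', '12abc', '1-2', '', ['1']];

foreach ($samples as $raw) {
    // Sanitizing rewrites the input: it keeps digits, '+' and '-' only.
    $sanitized = is_string($raw)
        ? filter_var($raw, FILTER_SANITIZE_NUMBER_INT)
        : null;
    // Validating accepts or rejects the input as a whole.
    printf(
        "%-10s sanitize=%-8s validate=%s\n",
        json_encode($raw),
        json_encode($sanitized),
        json_encode(strictInt($raw, -1000, 1000))
    );
}
```

A `null` from `strictInt()` is a reason to answer with a 400-style error rather than fall back to a default, because a sanitized remainder such as `12` from `12abc` is not what the client sent.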