  1. #1
    nfn
    New Coder
    Join Date
    Dec 2007
    Posts
    14
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Fast/Best way to validate string?

    Hi,

    I have a string to include into a SQL Query like this:
    .... AND catID NOT IN (1,3,5) ...

    The variable will have this value:
    $var_catid = "1,3,5";
    ... AND catID NOT IN ('.$var_catid.') ...

    How should I validate this string to ensure that all values are numeric and the string will not blow the query?

    I already tested with explode and a loop with is_numeric ... works OK, but I was wondering if this is the best and fastest way to do this.

    Thanks

    N

  • #2
    Master Coder
    Join Date
    Dec 2007
    Posts
    6,682
    Thanks
    436
    Thanked 890 Times in 879 Posts
    Quote Originally Posted by nfn View Post
    Hi,

    I have a string to include into a SQL Query like this:
    .... AND catID NOT IN (1,3,5) ...

    The variable will have this value:
    $var_catid = "1,3,5";
    ... AND catID NOT IN ('.$var_catid.') ...

    How should I validate this string to ensure that all values are numeric and the string will not blow the query?

    I already tested with explode and a loop with is_numeric ... works OK, but I was wondering if this is the best and fastest way to do this.

    Thanks

    N
    PHP Code:
    if(preg_match("/(\d+\s*,)*\d+\s*/",$var_catid)){
    ...

    Not tested; you must adjust the regex if I messed it up. Many languages, many regex syntaxes.

    PS: there must be at least one number

    best regards
    Last edited by oesxyl; 01-14-2008 at 05:26 PM.

  • #3
    Senior Coder
    Join Date
    Jan 2007
    Posts
    1,648
    Thanks
    1
    Thanked 58 Times in 54 Posts
    That wouldn't really ensure that the query doesn't fail.

    PHP Code:
    And CatId IN (2,3,,,,,5***) 

  • #4
    Quote Originally Posted by aedrin View Post
    That wouldn't really ensure that the query doesn't fail.

    PHP Code:
    And CatId IN (2,3,,,,,5***) 
    You are right, I missed the range, thank you

    PHP Code:
    if(preg_match("/([1-5]\s*,)*[1-5]\s*/",$var_catid)){
    ...

    EDIT: messed it up again, with +, corrected

    best regards
    Last edited by oesxyl; 01-14-2008 at 05:33 PM.

  • #5
    I don't think that really changes anything. It has nothing to do with the numbers.

  • #6
    Quote Originally Posted by aedrin View Post
    I don't think that really changes anything. It has nothing to do with the numbers.
    can you give some details, please?

    How should I validate this string to ensure that all values are numeric and the string will not blow the query?
    that's the problem, isn't it?

    best regards

  • #7
    nfn
    Hi,

    There is no numeric limit for the values, nor for the string:

    ('100,200,1000,...,n)

    Quote Originally Posted by oesxyl View Post
    You are right, I missed the range, thank you

    PHP Code:
    if(preg_match("/([1-5]\s*,)*[1-5]\s*/",$var_catid)){
    ...

    EDIT: messed it up again, with +, corrected

    best regards

  • #8
    Quote Originally Posted by nfn View Post
    Hi,

    There is no numeric limit for the values, nor for the string:

    ('100,200,1000,...,n)
    PHP Code:
    if(preg_match("/(\d+\s*,)*\d+\s*/",$var_catid)){
    ...

    Is this what you need?

    EDIT: I see the big NOT, only now, sorry,

    Rework,

    PHP Code:
    $var_catidre = '/(' . preg_replace("/,/", "|", $var_catid) . ')/';
    if(!preg_match($var_catidre,$catid)){
    ...

    I hope this time I understand the problem,

    I give up. I changed it to this, but the first is correct; the NOT is in the query. It is clear I'm having a bad day,

    best regards
    Last edited by oesxyl; 01-14-2008 at 06:31 PM.

  • #9
    It depends on the setup, but if the number of IDs is not going to be huge then there is no problem with exploding and casting to integer.

    A regular expression can only quickly ensure it contains numbers/commas, but it will be harder to get it to validate the format.

  • #10
    Quote Originally Posted by aedrin View Post
    It depends on the setup, but if the number of IDs is not going to be huge then there is no problem with exploding and casting to integer.

    A regular expression can only quickly ensure it contains numbers/commas, but it will be harder to get it to validate the format.
    The length of the string could be checked before passing it to preg_match, and the number of digits in the numbers could also be limited, {6} for example. The regex could be designed for a more complicated format constraint, but I agree with you: if the regex becomes more complex it could become a pain, and have the same speed as a foreach,

    best regards

  • #11
    nfn
    Ok,

    I'll stay with the foreach!

    Thanks, N
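
The explode-and-check approach the thread settles on, written out as an added example (not code from any poster): it shows why the unanchored pattern accepts the malformed value quoted in post #3, then binds the validated IDs as query parameters instead of concatenating the string. The table name `items`, the helper `parse_id_list()`, the 100-ID limit and the 9-digit cap are assumptions made for the example; `catID` is the column from the question.

```php
<?php
// Added example, not code from the thread. Table "items", $maxIds and the
// 9-digit cap are assumptions made for the demonstration.

/** Return the IDs as ints, or null if $raw is not a well-formed ID list. */
function parse_id_list(string $raw, int $maxIds = 100): ?array
{
    $ids = [];
    foreach (explode(',', $raw) as $part) {
        $part = trim($part);
        // ctype_digit() accepts only ASCII digits, so '', '-1', '1.5',
        // '1e3' and '5***' all fail; the length cap keeps (int) in range.
        if (!ctype_digit($part) || strlen($part) > 9) {
            return null;
        }
        $ids[] = (int) $part;
    }
    return count($ids) <= $maxIds ? $ids : null;
}

$bad        = '2,3,,,,,5***';                 // malformed value quoted in post #3
$unanchored = '/(\d+\s*,)*\d+\s*/';           // pattern from post #2
$anchored   = '/^\s*\d+\s*(,\s*\d+\s*)*$/D';  // whole-string variant (added)

// The unanchored pattern is satisfied by the "2,3" prefix alone, so it
// reports a match; the anchored one and parse_id_list() reject the string.
var_dump(preg_match($unanchored, $bad) === 1);
var_dump(preg_match($anchored, $bad) === 1);
var_dump(parse_id_list($bad));

// Accepted input is bound as parameters instead of being concatenated.
$ids = parse_id_list('1, 3,5');
if ($ids === null) {
    exit("invalid category list\n");
}
$pdo = new PDO('sqlite::memory:');            // assumes the pdo_sqlite extension
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE items (id INTEGER, catID INTEGER)');
$pdo->exec('INSERT INTO items VALUES (1,1),(2,2),(3,3),(4,4),(5,5)');

// One "?" placeholder per validated ID; only placeholders enter the SQL text.
$marks = implode(',', array_fill(0, count($ids), '?'));
$stmt  = $pdo->prepare("SELECT id FROM items WHERE catID NOT IN ($marks)");
$stmt->execute($ids);
print_r($stmt->fetchAll(PDO::FETCH_COLUMN));
```

Because `explode()` on an empty string yields one empty element, an empty list is rejected too, which avoids generating `NOT IN ()`.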

