[thelist] IsNumeric() vs. Val()
.jeff
jeff at members.evolt.org
Wed Feb 27 01:54:01 CST 2002
erik,
><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
> From: Erik Mattheis
>
> > Val(), on the other hand, attempts to return a number
> > from a string that's passed to it. if it can't
> > convert, it returns 0 (zero). in and of itself, this
> > can be used as a boolean check as well since 0 is
> > false and anything else is true. a word of caution
> > with the use of Val() though, it can't handle integers
> > of more than 10 digits long. the following:
>
> Duh, I feel silly ... long, extended brain fart. A few
> months ago I looked at some code I think you wrote and
> saw you used Val() which I've never used so looked it
> up ... I was thinking of it in the context of using it
> to make sure something was a number before I used it in
> a query ... so in my mind Val did nothing but 0 == false
> and [anything else] == true.
><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
yup, that's one of the things you can do with it.
><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
> Is there a reason why evolt.org Val() instead of
> IsNumeric() to do this validation?
><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
for exactly the reason you mention. it's one way of keeping hooligans from
monkeying with a url that passes an id and trying to append malicious sql
code. using the Val() function removes all that crap, leaving only the
leading id. for example:
Val('27; DELETE FROM content')
would result in
27
so, for me it serves double-duty -- data-type restriction and data-type
validation/boolean checking.
make sense?
.jeff
http://evolt.org/
jeff at members.evolt.org
http://members.evolt.org/jeff/
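
Added example (not part of the original message and not evolt.org's code): the Val() check described above, applied in CFML to an id read from the url and then bound as an integer parameter. The datasource, table and column names are hypothetical.

```cfml
<!--- Added illustration; request.dsn, content, content_id and title are hypothetical names. --->
<!--- Constructed input: the tampered id from the message, used when no url.id is passed. --->
<cfparam name="url.id" default="27; DELETE FROM content">

<!--- IsNumeric() tests the whole string, so it is false for the tampered value. --->
<cfset isWholeNumber = IsNumeric(url.id)>

<!--- Val() returns the leading number (27 here) and 0 when no number leads the string. --->
<cfset contentId = Val(url.id)>

<!--- Val() can return a decimal, and 0 means "no number", so require a positive whole id. --->
<cfif contentId LTE 0 OR contentId NEQ Int(contentId)>
  <cfabort showerror="Invalid content id.">
</cfif>

<!--- Bind the cleaned value as an integer instead of splicing it into the SQL text. --->
<cfquery name="getContent" datasource="#request.dsn#">
  SELECT content_id, title
  FROM content
  WHERE content_id = <cfqueryparam value="#contentId#" cfsqltype="cf_sql_integer">
</cfquery>

<cfoutput>
  IsNumeric: #isWholeNumber# / Val: #contentId# / rows: #getContent.recordcount#
</cfoutput>
```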