php url parameters check

Question

I'm creating a website that relies on $_GET to function correctly. It works like this: http://www.example.com/show?q=14&i=48 q and i are IDs on MySQL server that must be fetched using mysql_query() and the like. Parameters are always integers.

If someones type the url without any parameters both PHP and MySQL yells errors. PHP for undefined variable(s) and MySQL for incorrect syntax.

What i've tried so far doesn't works i always get "Error";

if (is_int($_GET['q']) AND is_int($_GET['i']))
{
 echo "All good.";
}
else
{
 echo "Error.";
}

What am i doing wrong here.

Thanks, atno

Answer 1

You should use is_numeric instead of is_int.
is_int returns false for numeric strings.

Downside is that the is_numeric function also returns true for numbers like "1.5". If you don't want that, you can check the function here

Answer 2

That's because you're checking the type of the variable and not its content. Anything coming from a query string via $_GET is considered a string, so you should use ctype_digit() instead if is_int(), and also checking if the values are present with empty().

Answer 3

You should try the isset($_GET[q])

if(isset($_GET[q]) && isset($_GET[i])){

}