Dr.Mezo
Reputation: 869
is_numeric and isEmail functions
I create field ($login), user should register with email or phone number
So I want to o a security check to validate
Can I use 2 functions at same time ? I tried the following code but it didn't work.
if(!is_numeric || isEmail($login)) {
$mesaj = '<div class="msg"><div class="error">Add Valid Email or Phone Number</div></div>';
}else{
$db->Query("UPDATE `users` SET `login`='".$login."' WHERE `id`='".$data['id']."'");
$mesaj = '<div class="msg"><div class="success">Success</div></div>';
}
Any Idea?
Upvotes: 0
Views: 134
Answers (1)
CommandZ
Reputation: 3633
You have an error in your code: if(!is_numeric || isEmail($login))
You're not making a function call with is_numeric. You need to provide it a parameter: is_numeric($myVar)
You also have a SQL Injection problem in your code. Never concatenate strings to build a query. Use parameterized queries instead.
Possible attack vector:
/***
* Data input from client browser / app
***/
$data['id'] = "0' OR id > 0 OR id = '1";
$login = "', `password`='hacked";
"UPDATE `users` SET `login`='".$login."' WHERE `id`='".$data['id']."'"
Output SQL:
"UPDATE `users` SET `login`='', `password`='hacked' WHERE `id`='0' OR id > 0 OR id = '1'"
Upvotes: 1
Related Questions
- PHP is_numeric or preg_match 0-9 validation
- Why does is_numeric() return false when passed a seemingly numeric string?
- is there perfect way to check isset and is_numeric in 1 condition
- is_int, is_numeric, is_float, and HTML form validation
- PHP Manual: Number Conversion in Is_Numeric Example 1?
- Yii2 validate field as email if is not numeric
- How can I check if form input is numeric in PHP?
- is_numeric function is giving unexpected results
- Validate Integer in Form Input Using is_numeric
- Using is_numeric for form validation