The David Walsh Blog

PHP: Validating Numeric Values and Digits

Written by David Walsh on November 21, 2008 · 16 Comments

I've inherited a lot of code where the previous developer used PHP's is_numeric() and it's gotten them into trouble. There's a big difference between validating that a value is numeric and validating that a value is all digits. Here's how to validate the two:

/* numeric, decimal passes */
function validate_numeric($variable) {
	return is_numeric($variable);
}

/* digits only, no dots */
function is_digits($element) {
	return !preg_match ("/[^0-9]/", $element);
}

A customer number, for example, should not have any decimal points but using is_numeric() would let a decimal value pass the test. Don't be this guy!

Related Posts

  1. Format Date Fields Using MySQL DATE_FORMAT()
  2. Tips for Protecting Querystring Keys & Values in PHP
  3. Whitelisting: You Set The Rules For Security
  4. Determining Object Type with MooTools’ typeOf
  5. Introducing MooTools Dotter

Comments

  1. Miroslav Ivanov November 21, 2008

    Why don’t you use ctype_digit() instead of this preg_match()? It’s faster =)

  2. Mark November 21, 2008

    \d is shorthand for [0-9]

  3. david November 21, 2008

    @Mark: Damnit Sanborn — I’m going to make you write a regex tutorial for me! :)

  4. Josh November 21, 2008

    why not just check if it’s an integer and if it’s a string of numbers just check if intval($num) == $num ? I tend to stray away from regex if possible.

  5. Brian November 21, 2008

    You could also use PHP’s built-in function ctype_digit() which will return true only if all characters in the value it is passed are numeric. i.e. 1234 would return true, 1,234 returns false, 1.234 returns false.

  6. Brenley Dueck November 21, 2008

    I have definitely have seen people misuse the is_numeric function as well.

    @david – a regex tutorial would be great. You can always learn something new…

  7. Rikki November 21, 2008

    Why would you create a new function that returns is_numeric, given that your new function name is longer than typing ‘is_numeric’ anyway?

  8. Chris November 21, 2008

    You can use is_int() to find out if it’s an integer instead of a regexp or having to compare using intval() (as suggested above). The only catch with this is that is must fit within the integer type range so you may still need to use a regexp if it’s a really long number.

    And I’m a little confused why you’d wrap is_numeric() inside another function call when all the wrapper function does is return the value from is_numeric()

  9. Alex November 22, 2008

    Josh, you can use the ctype php function :)

    (why my older post were deleted?)

  10. David November 22, 2008

    Actually you can use is_int() if your using the is_* functions. However Alex is right and the ctype functions are better.

  11. Elkalidi Abdelkader November 23, 2008

    to check numeric variable and lenth of variable = 4 numbers:

    preg_match(“#^[0-9]{4}$#”,$variable)

    exemple :
    $year = preg_match(“#^[0-9]{4}$#”,$variable) ? $variable : date(“Y”);

    You can remplace {4} by {1,4} to check if variable is between 1 and 4 numbers

  12. endryou December 16, 2008

    One important detail about ctype_digit: it accepts string as parameter.
    For example:
    ctype_digit(’5′) === true, but ctype_digit(5) === false.
    So it’s safer to write ctype_digit((string)$my_fancy_var) but again not enough for nulls,
    booleans, objects or resources.

  13. Allain Lalonde February 3, 2012

    Doesn’t ‘/[0-9]+/’ equate to contains or or more consecutive digits. For all, I think you probably need ‘/^[0-9]+$/’ or more succinctly ‘/^\d+$/’.

    Kudos to Elkalidi Abdelkader for using them but it doesn’t hurt to be explicit.

  14. Joseph Sileo February 17, 2013

    For those interested in finding a valid date, I found an issue where PHP errors would be thrown with Checkdate(m,d,y) so I did this
    if (empty($_POST['theyear'])) { //For me this was optional so for validating I allowed the field to be blank…
    $yearcheck = ’2000′; //…but would need to still enter a year into the check (any year will work but I picked one that included leap years)
    }else//there is a data in the year field
    if (is_numeric($_POST['theyear']) //Is it a number?
    and strpos(‘.’, $_POST['theyear'])==false //Is there a decimal in the number?
    and strlen($_POST['theyear'])==4) { //Is the number 4 digits long?
    $yearcheck = $_POST['theyear']; //Passed the test, checked this date
    }else //didn’t pass the test so….
    $yearcheck = ’0000′; //this year will always be valid on the PHP side BUT will cause checkdate() to always return false.
    if (checkdate($_POST['themonth'], $_POST['thedate'], $yearcheck)==false //checks if the month date year combination is right…
    and !empty($_POST['grr_group_year'])) //…but only if we are entering a date to begin with
    $messages[] = __(‘Date is not valid!’, ‘my_page’); //My custom warning (at first I had it return the little poem for the number of dates in a month)

    I realize it is kind of off topic but if you combine strpos for ‘.’ and is_numeric() it should work the same.

  15. Joseph Sileo February 17, 2013

    EDIT: grr_group_year should be theyear. I missed that when I stripped my own code out of my example.

  16. Checking for a whole number in php – An authentic perspective March 19, 2013

    [...] Credit for the function due to http://davidwalsh.name/php-validatie-numeric-digits [...]

Be Heard

Tip: Wrap your code in <pre> tags or link to a GitHub Gist!

Use Code Editor
Older
Simple Username Creation Validation with PHP
Newer
Submit a Form to a New Window