Using regular expressions in PHP to determine whether a value is a number

Source: Internet
Author: User

Two days ago, someone submitted flash game scores on a friend's website using PHP injection. Later I found out that one parameter was never checked to be numeric.

The URL that saves a game score is game.php?ac=save&fgid=1. The fgid parameter is used directly in the PHP page without any filtering. Many users append a letter after fgid=1 (fgid=1a) to perform some illegal operations.

Assume that the fgid of a game in the gamelist table is 102.
SELECT gname FROM gamelist WHERE fgid = '102';
SELECT gname FROM gamelist WHERE fgid = '102a';
Both queries find the game name gname (when fgid is a numeric column, MySQL converts the string '102a' to 102 for the comparison), which gives many people a chance to take advantage of it.

We recommend that you filter key parameters, for example with a regular expression that accepts only digits:
// \d* matches digits only (it also matches an empty string)
if (preg_match("/^\d*$/", $fgid)) echo('Number');
else echo('not a digit');

Or use the is_numeric function:
// is_numeric accepts any numeric string, not only integers
if (is_numeric($fgid)) echo('Number');
else echo('not a digit');

A method found on the Internet for determining whether an id is a number:

// Strip the matched non-digit characters, then convert the rest to an integer (default 1)
$cid = empty($cid) ? 1 : intval(preg_replace("/[^-\d]+[^\d]/", '', $cid));

The difference between the first two methods is that is_numeric also treats a value with a decimal point as a number, while the regular expression treats the decimal point as a non-digit character.
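An added example (not code from the original article) that runs the checks above and a stricter one over constructed inputs, then binds the validated integer in a parameterized query. parse_fgid(), game_name() and the in-memory SQLite table are assumptions made for the illustration.

```php
<?php
// Added example, not from the original article. parse_fgid() and game_name()
// are hypothetical helpers; the in-memory SQLite table stands in for the
// site's gamelist table (requires the pdo_sqlite extension).

// Strict check: ASCII digits only, no leading zero, bounded length, and
// anchored with \A and \z so a trailing newline is not accepted.
function parse_fgid($raw): ?int
{
    if (!is_string($raw) || !preg_match('/\A[1-9][0-9]{0,8}\z/', $raw)) {
        return null;
    }
    return (int) $raw;
}

// Validate first, then bind the integer as a parameter instead of
// concatenating the request value into the SQL text.
function game_name(PDO $pdo, $raw): ?string
{
    $fgid = parse_fgid($raw);
    if ($fgid === null) {
        return null;
    }
    $stmt = $pdo->prepare('SELECT gname FROM gamelist WHERE fgid = ?');
    $stmt->execute([$fgid]);
    $name = $stmt->fetchColumn();
    return $name === false ? null : $name;
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE gamelist (fgid INTEGER PRIMARY KEY, gname TEXT)');
$pdo->exec("INSERT INTO gamelist VALUES (102, 'demo game')");

// Constructed sample inputs, run through the article's checks and the strict one.
$samples = ['102', '102a', '', "102\n", '1.5', '1e3', ' 102', '-5', '0102'];
foreach ($samples as $s) {
    printf("%-8s regex=%d is_numeric=%d intval=%-5d strict=%-5s name=%s\n",
        json_encode($s),
        preg_match('/^\d*$/', $s),
        is_numeric($s) ? 1 : 0,
        intval($s),
        var_export(parse_fgid($s), true),
        var_export(game_name($pdo, $s), true)
    );
}
```

The output shows that /^\d*$/ also accepts the empty string and a value with a trailing newline, that is_numeric accepts '1.5', '1e3' and ' 102', and that intval turns '102a' into 102.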

Some common regular expressions are provided:

Verify digits: ^[0-9]*$
Verify an n-digit number: ^\d{n}$
Verify at least n digits: ^\d{n,}$
Verify m-n digits: ^\d{m,n}$
Verify zero or a number that does not start with zero: ^(0|[1-9][0-9]*)$
Verify a positive number with two decimal places: ^[0-9]+(.[0-9]{2})?$
Verify a positive number with 1-3 decimal places: ^[0-9]+(.[0-9]{1,3})?$
Verify a non-zero positive integer: ^\+?[1-9][0-9]*$
Verify a non-zero negative integer: ^\-[1-9][0-9]*$
Verify a non-negative integer (positive integer + 0): ^\d+$
Verify a non-positive integer (negative integer + 0): ^(-\d+)|(0+)$
Verify a string of 3 characters: ^.{3}$
Verify a string consisting of the 26 English letters: ^[A-Za-z]+$
Verify a string consisting of the 26 uppercase letters: ^[A-Z]+$
Verify a string consisting of the 26 lowercase letters: ^[a-z]+$
Verify a string consisting of digits and the 26 English letters: ^[A-Za-z0-9]+$
Verify a string consisting of digits, the 26 English letters, or underscores: ^\w+$
Verify a user password: ^[a-zA-Z]\w{5,17}$ (the correct format is: it must start with a letter, be between 6 and 18 characters long, and contain only letters, digits, and underscores)
Check whether the string contains ^%&',;=?$\" or similar characters: [^%&',;=?$\x22]+
Verify Chinese characters: ^[\u4e00-\u9fa5],{0,}$
Verify an email address: ^\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*$
Verify an Internet URL: ^http://([\w-]+\.)+[\w-]+(/[\w-./?%&=]*)?$ ; ^[a-zA-z]+://(w+(-w+)*)(.(w+(-w+)*))*(?S*)?$
Verify a phone number: ^(\d{3,4}\)|\d{3,4}-)?\d{7,8}$ (the correct format is: XXXX-XXXXXXX, XXXX-XXXXXXXX, XXX-XXXXXXX, XXX-XXXXXXXX, XXXXXXX, XXXXXXXX)
Verify an ID card number (15 or 18 digits): ^\d{15}|\d{18}$
Verify the 12 months of a year: ^(0?[1-9]|1[0-2])$ (the correct format is: "01"-"09" and "1"-"12")
Verify the 31 days of a month: ^((0?[1-9])|((1|2)[0-9])|30|31)$ (the correct format is: "01"-"09" and "1"-"31")
Integer: ^-?\d+$
Non-negative floating point number (positive floating point number + 0): ^\d+(\.\d+)?$
Positive floating point number: ^([0-9]+\.[0-9]*[1-9][0-9]*)|([0-9]*[1-9][0-9]*\.[0-9]+)|([0-9]*[1-9][0-9]*)$
Non-positive floating point number (negative floating point number + 0): ^((-\d+(\.\d+)?)|(0+(\.0+)?))$
Negative floating point number: ^(-(([0-9]+\.[0-9]*[1-9][0-9]*)|([0-9]*[1-9][0-9]*\.[0-9]+)|([0-9]*[1-9][0-9]*)))$
Floating point number: ^(-?\d+)(\.\d+)?
