I’ve been wanting to write about PHP’s is_numeric() built-in function partly because I forgot all about it one day while validating one of my forms.
I get super anal about form validation because if it’s anything that’ll make or break your web application it’s security. Something dirty gets through your form it’s game over – or just bad data, bad quality. This means bad user experience – see how this kind of thing can trickle down through your application you worked so hard on?
So when I think validating against numbers in PHP, I think of data types. I remember my first programming jobs in the industry was a super low position at a start up company back in 2005. Don’t let the job position fool you though, this job as “web coder” as they called it those days (cause they couldn’t think of what to call it) was filled with golden nuggets – I would carry this toolset around wherever I would go and it has served me well. Anyway, I overheard the CTO of the company say one important phrase that seemed to stick with me to this day –
Know your data types.
Yeah. That’s it. Ofcourse, I didn’t really know what that meant without experience – without breaking code or getting heat from managers for a projects delay. I learned over time how essential and fundamental knowing your data types were in programming, in any language. Data types are kind of squeezed in the stack between your development environment and the actual logic you write, so you have to keep this entire model in your head. And you know how easy it is for data types to slip through the cracks.
So when I think of is_numeric() I think of is_int, is_null(), empty(), isset() – other built in functions brought to you by PHP. The thing with each of them though is that they kind of overlap and at the same time you have to think about what is considered empty in PHP. For instance, “0” is considered false and empty in PHP. But “0” is a number so how do you check for that?
Well is_numeric came to the rescue during one of my late nights of endless programming.
<?php
$number = 0;
if (is_numeric($number)) {
echo 'is number';
} else {
echo 'not a number';
}
The above yields “is number” – that’s pretty sweet I think.
But something to keep in mind is that the below will yield “not a number” – yeah, but see it is a number. “0” is a number.
$number = 0;
if (!empty($number)) {
echo 'is number';
} else {
echo 'not a number';
}
So expanding this further given a scenario where you want to check if a field is empty and also make sure it’s a number and 0 is permitted, I came up with the following.
$number = 0;
if (empty($number) && !is_numeric($number)) {
echo 'not a number';
} else {
if(!is_numeric($number)) {
echo 'this field only accept numbers';
} else {
echo 'passes test';
}
}
The above code will output “passes test” which is what we want. We want to capture that “0” as a number value. Now whether you want to type cast it as an int for good measure that’s up to you.
It gets even tricker when you want to allow for whole positive numbers and decimal numbers for a given field. How would that play out? Then you’ll have to store this in the database – it gets pretty hairy. I’ll cover this on another, stay tuned.