PHP is_numeric or preg_match 0-9 validation

php validation preg-match isnumeric
no. picture no. · Oct 4, 2011 · Viewed 198.6k times · Source

This isn't a big issue for me (as far as I'm aware), it's more of something that's interested me. But what is the main difference, if any, of using is_numeric over preg_match (or vice versa) to validate user input values.

Example One:

<?php
    $id = $_GET['id'];
    if (!preg_match('/^[0-9]*$/', $id)) {
        // Error
    } else {
        // Continue
    }
?>

Example Two:

<?php
    $id = $_GET['id'];
    if (!is_numeric($id)) {
        // Error
    } else {
        // Continue
    }
?>

I assume both do exactly the same but is there any specific differences which could cause problems later somehow? Is there a "best way" or something I'm not seeing which makes them different.

Answer

Spudley picture Spudley · Oct 4, 2011

is_numeric() tests whether a value is a number. It doesn't necessarily have to be an integer though - it could a decimal number or a number in scientific notation.

The preg_match() example you've given only checks that a value contains the digits zero to nine; any number of them, and in any sequence.

Note that the regular expression you've given also isn't a perfect integer checker, the way you've written it. It doesn't allow for negatives; it does allow for a zero-length string (ie with no digits at all, which presumably shouldn't be valid?), and it allows the number to have any number of leading zeros, which again may not be the intended.

[EDIT]

As per your comment, a better regular expression might look like this:

/^[1-9][0-9]*$/

This forces the first digit to only be between 1 and 9, so you can't have leading zeros. It also forces it to be at least one digit long, so solves the zero-length string issue.

You're not worried about negatives, so that's not an issue.

You might want to restrict the number of digits, because as things stand, it will allow strings that are too big to be stored as integers. To restrict this, you would change the star into a length restriction like so:

/^[1-9][0-9]{0,15}$/

This would allow the string to be between 1 and 16 digits long (ie the first digit plus 0-15 further digits). Feel free to adjust the numbers in the curly braces to suit your own needs. If you want a fixed length string, then you only need to specify one number in the braces.

Hope that helps.

Related questions

php only allow letters, numbers, spaces and specific symbols using pregmatch

on my php i use preg_match to validate input texts. if(preg_match('/^[a-zA-Z0-9]+$/', $firstname)) { } But this only allows alphanumeric and does not allow spaces. I want to allow spaces, alpha and numeric. and period(.) and …

Read More
Validate that input is in this time format - "HH:MM"

I'm trying to use preg_match to validate that a time input is in this format - "HH:MM"

Read More
Regex for finding valid filename

I want to check whether a string is a file name (name DOT ext) or not. Name of file cannot contain / ? * : ; { } \ Could you please suggest me the regex expression to use in preg_match()?

Read More