Add function sanitize_id_or_zero for validating and sanitizing input

integers that may hold an ID or a 0 Example use case: Event parts in musdb.
2020-08-21 13:58:24 +02:00 · 2020-08-21 13:58:24 +02:00 · 566590135b
commit 566590135b
parent bdee1e9aee
1 changed files with 29 additions and 1 deletions
--- a/MD_STD_IN.php
+++ b/MD_STD_IN.php
@ -11,7 +11,8 @@ declare(strict_types = 1);
 class MD_STD_IN {

    /**
-     * Generic sanitization function for input strings.
+     * Validates and sanitizes input integers to be in line with MySQL
+     * autoincrement IDs.
     *
     * @param mixed $input Input string.
     *
@ -35,6 +36,33 @@ class MD_STD_IN {

    }

+    /**
+     * Sanitizes and validates input integers to be either valid IDs or 0.
+     *
+     * @param mixed $input Input string.
+     *
+     * @return integer
+     */
+    final public static function sanitize_id_or_zero($input):int {
+
+        if ($input === "") return 0;
+
+        $input = filter_var($input, FILTER_VALIDATE_INT, [
+                'options' => [
+                    'min_range' => 0,           // Minimum number of an ID generated.
+                    'max_range' => 4294967295   // Max value for MySQL's int data type
+                ],
+            ]
+        );
+
+        if ($input === null) {
+            throw new MDpageParameterNotNumericException("Value is not numeric.");
+        }
+
+        return $input;
+
+    }
+
    /**
     * General string sanitization for all purposes. For use of inputs with MySQL's
     * MATCH AGAINST, use the dedicated sanitization function.