phpeveryday.com



PHP Security: Validating Number

Tag: security, validation, number, integer, float   Category: PHP Security
post: 27 Feb 2008 read: 316


PHP Security Number Validation Tips - Part 1: You get a project to build an accounting system. Your client is a big company that produces exclusive, secure cars for the military. The price of one car is $100,000. One day, they get orders from defense departments all over the world. The total order is 200,000 cars! But they panic. Not about the order: it is your software that really makes them mad. Why?

The accounting staff enter the order quantity: 200,000. One car is $100,000. When they try to produce the report, the total revenue comes out as:

-1474836480

What's going on? The total revenue must be:

100,000 * 200,000 = 20,000,000,000

Let's analyze what happened. You wrote code like this:

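<?php
// $price and $order hold the values entered by the accounting staff
echo (int)($price * $order);
?>

Here is the source of the problem: the (int) cast limits the result to the integer range. When they enter values like this:
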
<?php
$price = 100000;
$order = 200000;
// 20,000,000,000 does not fit in a 32-bit integer, so the (int) cast wraps around
echo (int)($price * $order);
?>

The result is -1474836480. The maximum value that a PHP integer can hold depends on the bit size of your processor. On 32-bit systems, the largest integer is a mere 2,147,483,647. For this job, you can use a float instead, like this:

<?php
$price = 100000;
$order = 200000;
// a float can hold 20,000,000,000, so the total is no longer wrapped
echo (float)($price * $order);
?>

Your client should be getting bigger. But because of your software, they could go bankrupt. He he he...
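
The check described above, as an added example that is not part of the original article: it validates the entered numbers, refuses a total that no longer fits in an integer, and reproduces the article's wrapped value. It assumes 64-bit PHP 7 or later, and all function names are hypothetical.

```php
<?php
declare(strict_types=1);
// Added example; assumes 64-bit PHP 7+. All function names are hypothetical.

// Show what a 32-bit (int) cast did to the total: keep the low 32 bits
// and read them as a signed value.
function wrap_to_int32(int $value): int
{
    $low = $value & 0xFFFFFFFF;
    return $low >= 0x80000000 ? $low - 0x100000000 : $low;
}

// Accept only whole, non-negative numbers from form input.
function validate_whole_number(string $input): int
{
    $value = filter_var($input, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
    if ($value === false) {
        throw new InvalidArgumentException("Not a whole number: $input");
    }
    return $value;
}

// PHP turns an int product that overflows into a float, so is_int()
// on the result tells us whether the total is still exact.
function checked_total(int $price, int $order): int
{
    $total = $price * $order;
    if (!is_int($total)) {
        throw new OverflowException('Total exceeds PHP_INT_MAX');
    }
    return $total;
}

// Constructed sample input, using the article's figures.
$total = checked_total(validate_whole_number('100000'), validate_whole_number('200000'));
echo "Total on 64-bit PHP: $total\n";
echo "Same total wrapped to 32 bits: " . wrap_to_int32($total) . "\n";

foreach (['200,000', '-5', '1e3'] as $bad) {   // constructed invalid inputs
    try {
        validate_whole_number($bad);
    } catch (InvalidArgumentException $e) {
        echo "Rejected input: " . $e->getMessage() . "\n";
    }
}
try {
    checked_total(PHP_INT_MAX, 2);
} catch (OverflowException $e) {
    echo "Rejected total: " . $e->getMessage() . "\n";
}
```

A float cast avoids the wrap-around but is exact only up to 2^53, so for money it is safer to reject an overflowing total as above than to let it silently lose precision.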


