Only numbers and decimal point

Hi guys

IM doing some validation

How can i only allow numbers and decimal points

so this is allowed


this is not


Use the is_numeric() function.

It returns a boolean, true if its a number, false otherwise.

Be aware that is_numeric allows scientific notation. so you may want to check for letters

another way to do it is using regular expressions.

ctype wont work, because he wants to accept also decimals.

In this case his example
49.99 will return negative, this is not what wazo wants


$number = '49.99';

// This is going to be a dollar amount I assume, so you might consider adding a check in to see if $number is > 0 (assuming you don't allow negative amounts of money)

if (preg_match('/^[0-9]+(\\.[0-9]+)?$/', $number)){
    // or more simply:
    // preg_match('/[0-9.]+/', $number)
    echo 'Is a number!';
} else {
    echo 'Not a number!';

You are better off using the built in is_numeric function rather than a regular expression to test for exactly the same thing because the built in function will be faster and you are less likely to make a mistake in the code.

what happens when someone enters a dollar sign or something? is_numeric is broke unless you filter the input. The regex would only require a simple addition.


$input = '44.99';

if (filter_var($input, FILTER_VALIDATE_FLOAT) === false)
	echo 'not allowed';
	echo 'allowed';

You can optionally add flags to allow thing like scientific notation.

Use [B]ctype_digit()[/B]. To avoid users typing a $ sign with the number, include it in the page’s markup:

<label>$ <input type="text" name="value_in_dollars" id="value_in_dollars" size="5" /></label><br />
<small>Don't type a dollar sign ($) in the box. Just numbers please.</small>

And could use JavaScript to warn the user against that too.

I said ctype as well, but didn’t check to make sure it would accept decimals (and it doesn’t).

That won’t work.

Looks like is_numeric() is the way to go. From input is always treated as strings, ctype_digit() ensures that but it check for every character to be decimal, so “.” or “,” for example are not decimal characters so it would return FALSE.

Well if you want to allow non-numerics to be entered (such as $) then testing using is_numeric is not the way to go about it. If all you want to allow is numerics then it is the best way.

If you only want a number, optionally followed by a dot then more numbers, regex is the way to go.

preg_match('/^\\d+(\\.\\d+)?$/D', $number)
// or limit the decimal precision to 2
preg_match('/^\\d+(\\.\\d{1,2})?$/D', $number)

The D flag is important unless you like your numbers to end with a newline character.

No No No. If you only want numbers optionally followed by a decimal point and more numbers is_numeric() is way way way more efficient and less error prone than making your own script to emulate the built machine code.

Yes yes yes.

Example from the manual


Well those are just different ways of specifying numbers. If those numbers are actually invalid then when you test how big or small the number is it will be detected in that test that the number is out of range for what is supposed to be entered. If someone is entering 15 why should you care if they enter it as 15, +15, 15.000, 0x0f, or 15e0 as they are all the same number and will be treated exactly the same way. Forcing your visitors to choose only one of those formats by not allowing the others will just get more of them annoyed at your site and they’ll go to a different site that isn’t so insistent on having numbers entered in a specific format when it doesn’t matter.

Yea, and now you gotta test it for hex, and then convert it to decimal just so that one in a million visitor who likes to enter his form data hex encoded will be happy…or you can proceed on blissfuly ignorant until some part of your application chokes on this string and potentially unexpected side effects happen. Now this sounds error prone.

A sign is very reasonable, but hex and scientific notation are simply ridiculous for your typical web form.