Validating IDs in php using intval ()?

PHP
1

Hi Everyone,

I’m trying to figure out the correct syntax when trying to validate this line of code using intval ().

$id = ereg_replace("[^0-9]", "", $_GET['id']); // filter everything but numbers for security
if ($id == "") {
	echo "Missing Data to Run";
	exit();
}

Below is what I think is the correct syntax but I’'m getting an error message and I’m not sure what I’m doing wrong.
http://whatsmyowncarworth.com/more-practice/member_profile.php?id=10
Error message “Missing Data to Run”

(I think this is the correct way but my syntax is wrong. What’s the correct syntax?)

$id = $_GET['id'] = 1;
if (filter_var($id, FILTER_VALIDATE_INT) !== false)
{
  echo "Missing Data to Run";
  exit();
}

Any help would be appreciated! Thanks everyone!

2

Did you try to echo $id and see what it contains?

3

Hi,

Thanks for the reply.

I echo’ed out the $id and I got the 1.

http://whatsmyowncarworth.com/more-practice/member_profile.php?id=10
“Missing Data to Run1”

>>>>>>>>>>>>

then I deleted the ! infront of the == false and now I’m getting this error

$id = $_GET['id'] = 1;
if (filter_var($id, FILTER_VALIDATE_INT) == false)
{
  echo "Missing Data to Run";
  echo $id;
  exit();
}

Warning: Cannot modify header information - headers already sent by (output started at /home/scm22ri/public_html/whatsmyowncarworth.com/more-practice/member_profile.php:18) in whatsmyowncarworth.com/more-practice/login-from-page.php on line 30

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

I must admit. I’m lost here and not sure what to do next. Any pointers?

PHP Syntax on member_profile.php page

<?php
session_start(); // Must start session first thing

// See if they are a logged in member by checking Session data
$toplinks = "";
if (isset($_SESSION['id'])) {
	// Put stored session variables into local php variable
    $userid = $_SESSION['id'];
    $username = $_SESSION['username'];
	$toplinks = '<a href="member_profile.php?id=' . $userid . '">' . $username . '</a> &bull;
	<a href="member_account.php">Account</a> &bull;
	<a href="logout.php">Log Out</a>';
} else  {
	$toplinks = '<a href="join_form.php">Register</a> &bull; <a href="login.php">Login</a>';
}
?>

<?php
// Use the URL 'id' variable to set who we want to query info about
/* $id = ereg_replace("[^0-9]", "", $_GET['id']); // filter everything but numbers for security
if ($id == "") {
	echo "Missing Data to Run";
	exit();
} */

$id = $_GET['id'] = 1;
if (filter_var($id, FILTER_VALIDATE_INT) == false)
{
  echo "Missing Data to Run";
  echo $id;
  exit();
}

//Connect to the database through our include
include_once "connect_to_mysql.php";
// Query member data from the database and ready it for display
$sql = mysql_query("SELECT * FROM members WHERE id='$id' LIMIT 1");
$count = mysql_num_rows($sql);
if ($count > 1) {
	echo "There is no user with that id here.";
	exit();	
}
while($row = mysql_fetch_array($sql)){
$username = $row["username"];
$country = $row["country"];
$state = $row["state"];
$city = $row["city"];
$accounttype = $row["accounttype"];
$bio = $row["bio"];
// Convert the sign up date to be more readable by humans
$signupdate = strftime("%b %d, %Y", strtotime($row['signupdate']));
}
?>

<?php include('login-from-page.php'); ?>