jimfog Posted February 16, 2015 Share Posted February 16, 2015 I am using is_numeric to check about some data that go to the server-for validity reason. Given the fact that this is a security issue....how I should handle the case in case is_numeric outputs FALSE? Should I just display an error message to the user...what if this user is a hacker and displaying the precise details and displays to him the cause of the error(in that error message) will reveal details why its attack failed? Link to comment Share on other sites More sharing options...
dsonesuk Posted February 16, 2015 Share Posted February 16, 2015 Well if you give message "your username of 'usename', and 'password' of 'password' which should have been 'god' was incorrect please try again!" Then yes i would worry.What sort of error message we talking about? Server error OR custom error messages, give example. Link to comment Share on other sites More sharing options...
jimfog Posted February 16, 2015 Author Share Posted February 16, 2015 It is an error message returned from the server...as part of validation...I have concluded in this message: Is numeric Error I do not know what drawbacks arise from a message such as this..if any? Link to comment Share on other sites More sharing options...
jimfog Posted February 23, 2015 Author Share Posted February 23, 2015 Well if you give message "your username of 'usename', and 'password' of 'password' which should have been 'god' was incorrect please try again!" Then yes i would worry.What sort of error message we talking about? Server error OR custom error messages, give example. custom error messages...in this case: This is not a number. Link to comment Share on other sites More sharing options...
davej Posted February 23, 2015 Share Posted February 23, 2015 It would probably be helpful if you gave us more context regarding what your form is asking for. If you have a ID field that must be a number between 1 and 12 and the user enters '77' or 'abc' or '-9' then you could supply a response that says "Error: ID is invalid" and you could also perhaps return the focus to the bad field or highlight the bad field. Now if you have a drop-down selector... http://www.w3schools.com/tags/tag_select.asp ...that allows only values of 1 thru 12 and you receive a '77' or 'abc' or '-9' then you know that something odd is going on. In that case you might want to log this in a database table as suspicious activity with the date-time and user ip address. Link to comment Share on other sites More sharing options...
sandeepm Posted February 25, 2015 Share Posted February 25, 2015 use input type="numeric" or onkeypress="return keyRestrict(event,'int')" use this also is_int ( mixed $var ) Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now