问题
I'm getting a string from a $_GET and I want to test if it could be a boolean, before I use it for a part of a mysql query. Is there a better way of doing it than:
function checkBool($string){
$string = strtolower($string);
if ($string == "true" || $string == "false" ||
$string == "1" || $string == "0"){
return true;
}
else {
return false;
}
}
if (checkBool($_GET['male'])){
$result = mysql_query(
"SELECT * FROM my_table " .
"WHERE male='".$_GET['male']."'") or die(mysql_error());
}
回答1:
There's, by the way, a cleaner way of writing it:
function checkBool($string){
$string = strtolower($string);
return (in_array($string, array("true", "false", "1", "0", "yes", "no"), true));
}
But yes. The one you wrote down is the only way.
回答2:
You can either use is_bool() or as suggested on php.net:
<?php
$myString = "On";
$b = filter_var($myString, FILTER_VALIDATE_BOOLEAN);
?>
http://php.net/manual/en/function.is-bool.php
The latter one will accept strings like "on" and "yes" as true as well.
回答3:
No you got it, there isn't anything more you can do, you got all possible values that would normally be considered as true or false and you're doing the comparison the right way, you COULD optimize it using an IN_ARRAY maybe, but even so, i find this version quite good already.
回答4:
If you use the flag FILTER_NULL_ON_FAILURE, filter_var() will work nicely:
function CheckBool($Value) {
return null !== filter_var($Value, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);
}
回答5:
Your checkBool() is quite right, IMHO, though there's a problem with the resulting SQL code. You can use TRUE and FALSE, but you must be aware that they aren't strings:
The constants TRUE and FALSE evaluate to 1 and 0, respectively. The constant names can be written in any lettercase.
So where it says this:
"SELECT * FROM my_table WHERE male='".$_GET['male']."'"
... it should say this:
'SELECT * FROM my_table WHERE male='.$_GET['male']
It'd feel better if checkBool() was actually convertToBool() and you would feed your query with its result value rather than the original $_GET, but your code is not really wrong.
BTW, I'm assuming that you are using a BOOL column type. This is what the manual says:
These types are synonyms for TINYINT(1). A value of zero is considered false. Nonzero values are considered true
Of course, it's up to you whether to use BOOL, ENUM, CHAR(1) or anything else, as well as whether to accept 33 as synonym for TRUE ;-)
回答6:
For what it's worth, if you really wanted to accept "yes" or "no" as valid input from the user, then I'd do something like this:
function toBoolean($string){
$string = strtolower($string);
if ($string == "true" || $string == "1"|| $string == "yes" )
return true;
elseif ($string == "false" || $string == "0" || $string == "no")
return false;
else
throw new Exception("You did not submit a valid value, you naughty boy");
}
try {
$query = "SELECT * FROM my_table WHERE male=" . (toBoolean($_GET['male']) ? "1" : "0" );
$result = mysql_query($query) or die(mysql_error());
} catch (Exception $e) {
// handle bad user input here
}
回答7:
You can use is_bool to test your string:
if(is_bool($val)){
// is boolean
}else{
// not a boolean
}
来源:https://stackoverflow.com/questions/8272723/test-if-string-could-be-boolean-php