Updating someone else's old PHP project and I'm unfamiliar with regular expressions.
Question one is: What does this do?
preg_match('/^[0-9]+[.]?[0-9]*$/', $variable)
Question two is: Is this a safe filter for insertion into a mysql DB without mysql_real_escape_string()? I know the answer is prob no, but it is set up to use mysql_real_escape_string() only if this regex doesn't pass.
Thanks.
^ // start of string
[0-9]+ // one or more numbers (could also be \d+)
[.]? // zero or one period (could also be \.?)
[0-9]* // zero or more numbers (could also be \d*)
$ //end of string
So, it makes sure the input is a number, such as 12 or 3.6 (52. will also match). It will not match .35 or 12a6.
It seems safe enough for DB insertion, because it only allows numbers.
It's attempting to match a decimal number (albeit poorly). It doesn't modify $variable anyway, so you would need to escape it properly before passing to MySQL.
That will match a number that has at least one digit before the decimal point (if there is a decimal point). If the value matches this regex, I don't see how it could be unsafe to insert it into the database.
Looks if there is an exact match. It matches 234234232432343.231313132321 and 2232233223 and 322332. and not .32232 and not
It matches strings that:
It does not sanitise the string for the database.
It checks if $variable matches this pattern...
(^[0-9]+).
([.]?)
([0-9]*)
($)
Is this a safe filter for insertion into a mysql DB without mysql_real_escape_string()?
Assuming the possible use of this variable, I'd say that mysql_real_escape_string() would be quite useless for it.
Need the query assembling code to be certain though.
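
An added example, not part of the question or any answer above: it runs the question's pattern and a stricter variant over constructed inputs, including a value with a trailing newline, which PCRE's $ accepts unless \z or the D modifier is used, and then inserts the accepted values through a bound parameter instead of skipping escaping. The constant and function names, the prices table and the in-memory SQLite connection through PDO (standing in for the MySQL connection) are assumptions.

```php
<?php
// Added example: names, table and connection below are hypothetical,
// not taken from the project discussed on this page.

const ORIGINAL = '/^[0-9]+[.]?[0-9]*$/';        // pattern from the question
const STRICT   = '/\A[0-9]+(?:[.][0-9]+)?\z/';  // assumption: "52." should be rejected

/** True only when the whole string is a decimal number with no trailing newline. */
function is_strict_decimal(string $value): bool
{
    return preg_match(STRICT, $value) === 1;
}

// Constructed sample inputs.
$samples = ['12', '3.6', '52.', '.35', '12a6', "12\n", '', '1.2.3'];

foreach ($samples as $s) {
    printf(
        "%-8s original=%d strict=%d\n",
        json_encode($s),                 // makes the trailing newline visible
        preg_match(ORIGINAL, $s),
        (int) is_strict_decimal($s)
    );
}

// Validation decides whether the value is acceptable; the bound parameter
// keeps it out of the SQL text whether or not the pattern is ever loosened.
// Assumption: pdo_sqlite is available; SQLite stands in for MySQL here.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE prices (amount TEXT)');

$insert = $pdo->prepare('INSERT INTO prices (amount) VALUES (?)');
foreach ($samples as $s) {
    if (is_strict_decimal($s)) {
        $insert->execute([$s]);
    }
}

$stored = (int) $pdo->query('SELECT COUNT(*) FROM prices')->fetchColumn();
printf("rows stored: %d\n", $stored);
```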