theBartender - 2 months ago
PHP Question

PHP validation kinda works BUT

So in the form I have this input

<input type="text" name="squareFoot" value="<?PHP if(isset($_POST['squareFoot'])) echo $squareFoot ?>"><span class="error_message"><?PHP echo " " . $squareFootError; ?></span>


And here's my validation (which is, yes, above the form)

if(isset($_POST['submit'])){

    $isSubmitted = true;

    $squareFoot = $_POST['squareFoot'];
    $squareFoot = filter_var($squareFoot, FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION);
    $squareFoot = filter_var($squareFoot, FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_THOUSAND);
    $squareFoot = filter_var($squareFoot, FILTER_SANITIZE_SPECIAL_CHARS);

    if(!is_numeric($squareFoot)){
        $isValid = false;
        $squareFootError = "Please enter a numeric value";
    }
    else if(empty($squareFoot)){
        $isValid = false;
        $squareFootError = "Please enter a numeric value";
    }
    else if($squareFoot < 200){
        $isValid = false;
        $squareFootError = "Please enter a number between 200 and 500,000";
    }
    else if($squareFoot > 500000){
        $isValid = false;
        $squareFootError = "Please enter a number between 200 and 500,000";
    }
    else{
        // do math (code not shown)

        // Format Square Footage
        $squareFootFormat = number_format($squareFoot, 0, '', ',');
    }
}

// Display to user
<p>1. Square Footage being stripped <span class="right_al"><?PHP echo $squareFootFormat; ?></span></p>


So I have it set up so that the user can't put in html or script, the user must put in a number that has to be between two numbers, and that number can have a comma.

I also want the user to be able to put in something like 500.5, but when testing 500.5 turns into 5,005.

Is it because of
$squareFootFormat = number_format($squareFoot, 0, '', ',');

Or is something else wrong with it?
I kinda want to keep the number_format() in because it makes the number easier to read if it's some large number like 100,000. Can I do that?
Thanks for helping.

Answer Source

Your filter_var is not going to allow 500.5 as a value.

$squareFoot = filter_var($squareFoot, FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_THOUSAND);
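An added example (not code from the question or the answer) that reproduces the "500.5" to "5,005" path with the posted filter chain, and shows one replacement that validates with FILTER_VALIDATE_FLOAT plus a range check instead of sanitizing. The function names and the sample inputs are this example's own.

```php
<?php
// Added example: the posted sanitize chain beside a validate-based replacement.
// Function names and the inputs at the bottom are constructed for this demo.

// The posted chain: the second filter_var() passes only FILTER_FLAG_ALLOW_THOUSAND,
// so FILTER_SANITIZE_NUMBER_FLOAT drops the '.' that the first call had kept.
function sanitizeAsPosted(string $raw): string
{
    $v = filter_var($raw, FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION);
    $v = filter_var($v, FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_THOUSAND);
    return filter_var($v, FILTER_SANITIZE_SPECIAL_CHARS);
}

// Replacement: validate instead of sanitize. FILTER_VALIDATE_FLOAT returns false
// for anything that is not a number, so "<b>300</b>" is rejected rather than
// silently rewritten; FILTER_FLAG_ALLOW_THOUSAND lets "100,000.5" through.
function validateSquareFoot(string $raw, ?string &$error): ?float
{
    $error = null;
    $value = filter_var($raw, FILTER_VALIDATE_FLOAT, FILTER_FLAG_ALLOW_THOUSAND);
    if ($value === false) {
        $error = "Please enter a numeric value";
        return null;
    }
    if ($value < 200 || $value > 500000) {
        $error = "Please enter a number between 200 and 500,000";
        return null;
    }
    return $value;
}

// Keep number_format() for readability, but only drop decimals when there are none.
function formatSquareFoot(float $value): string
{
    $decimals = (floor($value) == $value) ? 0 : 1;
    return number_format($value, $decimals, '.', ',');
}

// Constructed inputs for a quick side-by-side comparison from the command line.
foreach (["500.5", "100,000", "100,000.5", "150", "<b>300</b>"] as $raw) {
    $asPosted = number_format((float) sanitizeAsPosted($raw), 0, '', ',');
    $checked  = validateSquareFoot($raw, $err);
    $shown    = $checked === null ? "rejected ($err)" : formatSquareFoot($checked);
    // Escape on output with htmlspecialchars(): that is what keeps the echoed
    // value attribute safe, not the sanitize filter applied on input.
    printf("%-12s posted chain: %-10s validated: %s\n",
        htmlspecialchars($raw, ENT_QUOTES), $asPosted, htmlspecialchars($shown, ENT_QUOTES));
}
```

Run it with the PHP CLI: "500.5" shows as 5,005 through the posted chain but as 500.5 through the validator, while "150" and "<b>300</b>" are rejected with the question's own error messages.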