Get via App Store Read this post in our app!

## PHP is_numeric or preg_match 0-9 validation

This isn’t a big issue for me (as far as I’m aware), it’s more of something that’s interested me. But what is the main difference, if any, of using is_numeric over preg_match (or vice versa) to validate user input values.

I assume both do exactly the same but is there any specific differences which could cause problems later somehow? Is there a “best way” or something I’m not watching which makes them different.

## 11 Answers

is_numeric() tests whether a value is a number. It doesn’t necessarily have to be an integer however – it could a decimal number or a number in scientific notation.

The preg_match() example you’ve given only checks that a value contains the digits zero to nine, any number of them, and in any sequence.

Note that the regular expression you’ve given also isn’t a flawless integer checker, the way you’ve written it. It doesn’t permit for negatives, it does permit for a zero-length string (ie with no digits at all, which presumably shouldn’t be valid?), and it permits the number to have any number of leading zeros, which again may not be the intended.

As per your comment, a better regular expression might look like this:

This coerces the very first digit to only be inbetween 1 and 9, so you can’t have leading zeros. It also compels it to be at least one digit long, so solves the zero-length string issue.

You’re not worried about negatives, so that’s not an issue.

You might want to restrict the number of digits, because as things stand, it will permit strings that are too big to be stored as integers. To restrict this, you would switch the starlet into a length confinement like so:

This would permit the string to be inbetween 1 and 16 digits long (ie the very first digit plus 0-15 further digits). Feel free to adjust the numbers in the curly braces to suit your own needs. If you want a stationary length string, then you only need to specify one number in the braces.

Hope that helps.

According to http://www.php.net/manual/en/function.is-numeric.php, is_numeric alows something like “+0123.45e6” or “0xFF”. I think this not what you expect.

preg_match can be slow, and you can have something like 0000 or 0051.

I choose using ctype_digit (works only with strings, it’s ok with $_GET).

is_numeric() permits any form of number. so 1 , Three.14159265 , Two.71828e10 are all “numeric”, while your regex boils down to the equivalent of is_int()

is_numeric would accept “-0.5e+12” as a valid ID.

Not exactly the same.

From the PHP docs of is_numeric:

With your regex you only check for ‘basic’ numeric values.

Also is_numeric() should be swifter.

is_numeric checks whether it is any sort of number, while your regex checks whether it is an integer, possibly with leading 0s. For an id, stored as an integer, it is fairly likely that we will want to not have leading 0s. Following Spudley’s response, we can do:

However, as Spudley notes, the resulting string may be too large to be stored as a 32-bit or 64-bit integer value. The maximum value of an signed 32-bit integer is Two,147,483,647 (Ten digits), and the maximum value of an signed 64-bit integer is 9,223,372,036,854,775,807 (Nineteen digits). However, many Ten and Nineteen digit integers are larger than the maximum 32-bit and 64-bit integers respectively. A plain regex-only solution would be:

respectively, but these “solutions” unhappily restrict each to 9 and Nineteen digit integers, hardly a satisfying result. A better solution might be something like:

is_numeric checks more:

Finds whether the given variable is numeric. Numeric strings consist of optional sign, any number of digits, optional decimal part and optional exponential part. Thus +0123.45e6 is a valid numeric value. Hexadecimal notation (0xFF) is permitted too but only without sign, decimal and exponential part.

If you’re only checking if it’s a number, is_numeric() is much much better here. It’s more readable and a bit quicker than regex.

The issue with your regex here is that it won’t permit decimal values, so essentially you’ve just written is_int() in regex. Regular expressions should only be used when there is a non-standard data format in your input, PHP has slew of built in validation functions, even an email validator without regex.

PHP’s is_numeric function permits for floats as well as integers. At the same time, the is_int function is too rigorous if you want to validate form data (strings only). Therefore, you had usually best use regular expressions for this.

Rigorously speaking, integers are entire numbers positive and negative, and also including zero. Here is a regular expression for this:

OR, if you want to permit leading zeros:

Note that this will permit for values such as -0000, which does not cause problems in PHP, however. (MySQL will also cast such values as 0.)

You may also want to limit the length of your integer for considerations of 32/64-bit PHP platform features and/or database compatibility. For example, to limit the length of your integer to 9 digits (excluding the optional – sign), you could use:

Meantime, all the values above will only restrict the values to integer, so i use

to permit float values too.

You can use this code for number validation: