I'm using PHP, I've read various posts on sanitizing/filtering and am happy with how I both save and read/represent my data.
But... When it comes to numeric data, my filtering/sanitizing deleted the decimal point.
As a solution, can I not have the server just do a computation on the client data and add zero to the value sent? This implies if the user/client was to send the server non-numeric (perhaps some sql injection string), their ill intent would fail as my string would result in zero.
Acceptable or no? Can anyone forsee a weakness in this?
I ask because I have tried to use
$str=filter_var( $str, FILTER_SANITIZE_NUMBER_FLOAT );
and it removed the decimal point. By adding a zero, I can ensure decimal place is kept.
(thanks in advance)
