Tim Blair

isnumeric() - Too Clever for It's Own Good? (15/03/2004)

After a couple of weeks of apparently random problems with one of our sites, I've managaed to track down the issue. When a member logs in to the site, we store their member ID in a session variable, which is then used on subsequent requests to retrieve an instance of a member object for that member from a member factory (cached data).

What we were finding was that the request to retrieve a member's object was sometimes being called with extra spaces, e.g. " 12345". This was then breaking things and mean that the user couldn't use the site (of course all errors are handled approriately and the member shown a nice-ish error message!). After following the process backwards, I discovered that if the user actually puts one or more spaces at the beginning or end of their member ID when logging in, the details are authorised correctly but the member ID is stored in the session with the extra spaces.

In the login script I have one call which uses isdefined() and isnumeric() to check that the member ID is given and at least syntactically valid. I ran a number of tests and discovered that isnumeric() doesn't behave how I expected it should - it appears to trim() the value before testing for a number, so " 12345" will return TRUE. This is totally against how I expected it to work - my impression was that *any* non-numeric character would results in isnumeric() being FALSE.

Playing around a little more it seems that setting type="numeric" in a <cfargument> tag does the same thing - a numeric value with spaces before or after will be accepted perfectly happily as a numeric value, although the value will still contain the spaces.

So is this CF trying to be too clever, a result of CF being weakly typed, or just a bug?

Article Archive (September '03 – '05)