I have some checkboxes that can be checked. They look like
<input type="checkbox" name="order[123]" value="1">
Now I am checking the formdata and I filter the ids in the order-array this way, before i look them up in the database.
$orderids = preg_grep('/^\d+$/', array_keys($_POST['order']));
is there a more efficient way for doing this?
Using regex, you are ensuring no malicious strings are used, but not checking for viability in the database. (e.g.
order[999999999999999999999999]would pass regex, but not be useful in the db.)The truest validation would be to run them against your database-borne ids using
array_intersect.