Maybe you could have a little regex for that. I don't remember the exceptions but something like this:
$_REQUEST['start'] = isset($_REQUEST['start']) && preg_match('~^(:?(:?from|msg)?\d+|new)$~', $_REQUEST['start']) ? $_REQUEST['start'] : 0;
A little test code too, if you can think of more cases:
<?php
$regex = '~^(:?(:?from|msg)?\d+|new)$~';
$tests = array(
'123' => 1,
'new' => 1,
'msg123' => 1,
'from123' => 1,
'123msg' => 0,
'from12x3' => 0,
'new123' => 0,
'news' => 0,
'msg1.23' => 0,
);
echo '
<style>
table
{
border-collapse:collapse;
}
td, th
{
border: 1px solid #000;
padding: 0.5em;
}
</style>
<table>
<tr>
<th>Test</th>
<th>Expected</th>
<th>Result</th>
</tr>';
foreach ($tests as $test => $expected)
{
$result = preg_match($regex, $test);
echo '
<tr>
<td>', $test, '</td>
<td>', $expected, '</td>
<td>', $result, '</td>
</tr>';
}
echo '
</table>';
Reminds me of the time we were coding compareVersions() and matchPackageVersion() functions right before 2.0 release with Norv and came up with 100+ cases to test. Good old days...
That turned out to be a pretty weird check but interestingly it actually prevented a PHP bug to be exploited.