Should I escape an expected integer value using mysql_real_escape_string or can I just use (int)$expectedinteger Should I escape an expected integer value using mysql_real_escape_string or can I just use (int)$expectedinteger mysql mysql

Should I escape an expected integer value using mysql_real_escape_string or can I just use (int)$expectedinteger


php mysql casting escaping sql-injection

mysql_real_scape_string is for STRINGS. it will not make an integer 'safe' for use. e.g.

$safe = mysql_real_escape_string($_GET['page']);

will do NOTHING where

$_GET['page'] = "0 = 0";

because there's no SQL metacharacters in there. your query would end up something like

SELECT ... WHERE somefield = 0 = 0

However, doing intval() will convert that 0=0 into a plain 0.

php mysql casting escaping sql-injection

Yes it is safe, but you should escape the value in the query..where opinionid='$opinionid'"

BTW (1) Never use Select *Solution Select Field, Field2 ....

(2) (int)$foo is less perfomanter then intval($foo)

Recent Posts
How can I color dots in a xy scatterplot according to column value?
How to update a claim in ASP.NET Identity?
What does {0} mean when initializing an object?
Accessing members of items in a JSONArray with Java
How to log SQL statements in Spring Boot?
Powershell Get-WebSite name parameter is ignored
How to detect scroll to bottom of html element
Java synchronized method
How to test controllers with CodeIgniter?
Detect Visual Composer
Matplotlib: Specify format of floats for tick labels
Rails join a list of strings with commas and "and" before the last