Formatting, unsign
halfer

I use intval() for simple cases although (int) apparently eats less resources

EXAMPLE: "SELECT * FROM categories WHERE category_id = ".intval($_POST['id'])." LIMIT 1"

T

I use intval() for simple cases although (int) apparently eats less resources. Example:

$sql = "SELECT * FROM categories WHERE category_id = " . intval($_POST['id']) . " LIMIT 1"; 
Post Undeleted by tomhre
deleted 412 characters in body
tomhre

Is using intval() correct, if I am using $_POST value in query for integers such as ids? I know it does not always convert to the right number depending on what string is supplied but the case is not allowing random strings to the query, right? Furthermore limiting the value to integer. Anyone can still change the string sent from url/form but is intval good enough to be used like that?

EXAMPLE: "SELECT * FROM categories WHERE category_id = ".intval($_POST['id'])." LIMIT 1"

Thank you in advance if anyone comments on this, I could not post it as a comment unfortunately

T

I use intval() for simple cases although (int) apparently eats less resources

EXAMPLE: "SELECT * FROM categories WHERE category_id = ".intval($_POST['id'])." LIMIT 1"

T

Post Deleted From Review
tomhre

Is using intval() correct, if I am using $_POST value in query for integers such as ids? I know it does not always convert to the right number depending on what string is supplied but the case is not allowing random strings to the query, right? Furthermore limiting the value to integer. Anyone can still change the string sent from url/form but is intval good enough to be used like that?

EXAMPLE: "SELECT * FROM categories WHERE category_id = ".intval($_POST['id'])." LIMIT 1"

Thank you in advance if anyone comments on this, I could not post it as a comment unfortunately

T