First thank you for reading my question.
During these days, I saw that there are a lot of “malicious” URL queries running at my website, so I was afraid that my PHP script is vulnerable to SQL injections.
My url structure is: http://mywebsite.com/post.php?id=7573
To get all the info I need from a post, I use the post ID from the URL.
To “clear” this ID i use this method:
$id = mysql_real_escape_string ($id);
$safeID = intval(preg_replace("/[^0-9]/", "", $id));
$sql = "SELECT * FROM web_content WHERE state = '1' AND ID = '$safeID'";
$res = mysql_query($sql) or die (mysql_error());
$row = mysql_fetch_assoc($res);
.........
Please, I need to know if the safeID that is sent to the database is really “SAFE”.
Thank you
It could be just as easy as using
intval($id)
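As an added illustration of the question's cleaning chain and the answer's intval() suggestion (this is example code, not code from the question, the answer or the site in question), the block below shows what intval() and the digit-stripping regex produce for a few constructed inputs, and contrasts that with rejecting anything that is not a plain integer and binding the value as a parameter so it never becomes part of the SQL text. It assumes a PDO connection to a MySQL database that contains the page's web_content table with its ID and state columns; the DSN, user name, password and the postIdFromQuery/fetchPost function names are placeholders chosen for this example.

```php
<?php
// Added example, not the question's or the answer's code. Assumes a PDO
// connection to a MySQL database holding the page's web_content table
// (columns ID and state); DSN and credentials below are placeholders.

/**
 * Return the post id as a validated positive integer, or null when the raw
 * query-string value is not a plain decimal integer.
 *
 * FILTER_VALIDATE_INT rejects anything that is not an integer literal
 * ("7573 OR 1=1", "7573abc", "", "-5"), whereas intval() silently coerces
 * such input to some integer, which hides tampering from the logs.
 */
function postIdFromQuery(array $query): ?int
{
    if (!isset($query['id']) || !is_string($query['id'])) {
        return null;
    }
    $id = filter_var($query['id'], FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1],
    ]);
    return $id === false ? null : $id;
}

/**
 * Fetch a published post by id with a prepared statement. The id is bound
 * as an integer parameter, so it is never interpolated into the SQL string.
 */
function fetchPost(PDO $pdo, int $id): ?array
{
    $stmt = $pdo->prepare(
        "SELECT * FROM web_content WHERE state = '1' AND ID = :id"
    );
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// --- what each approach does with a few constructed sample inputs ---
$samples = ['7573', '7573 OR 1=1', '7573abc', 'abc', '-5', ''];
foreach ($samples as $raw) {
    $plainIntval = intval($raw);                                // the answer's suggestion
    $questionWay = intval(preg_replace('/[^0-9]/', '', $raw));  // the question's chain
    $validated   = postIdFromQuery(['id' => $raw]);
    printf("%-16s intval: %-6d regex+intval: %-7d validated: %s\n",
        var_export($raw, true), $plainIntval, $questionWay,
        $validated === null ? 'rejected' : $validated);
}
// Expected lines (constructed):
//   '7573'        intval: 7573   regex+intval: 7573    validated: 7573
//   '7573 OR 1=1' intval: 7573   regex+intval: 757311  validated: rejected
//   '7573abc'     intval: 7573   regex+intval: 7573    validated: rejected
//   'abc'         intval: 0      regex+intval: 0       validated: rejected
//   '-5'          intval: -5     regex+intval: 5       validated: rejected
//   ''            intval: 0      regex+intval: 0       validated: rejected

// --- request handling, only when served over the web (placeholder DSN) ---
if (PHP_SAPI !== 'cli') {
    $pdo = new PDO('mysql:host=localhost;dbname=PLACEHOLDER_DB;charset=utf8mb4',
        'PLACEHOLDER_USER', 'PLACEHOLDER_PASSWORD', [
            PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_EMULATE_PREPARES   => false, // server-side prepares
        ]);

    $id = postIdFromQuery($_GET);
    if ($id === null) {
        http_response_code(400);
        exit('invalid post id');
    }
    $row = fetchPost($pdo, $id);
    if ($row === null) {
        http_response_code(404);
        exit('post not found');
    }
    // ... render $row ...
}
```

Every branch above ends with an integer in the query, so none of them is injectable; the difference is what happens to malformed input. Coercion (intval alone, or the regex followed by intval) maps "7573 OR 1=1" onto some other valid-looking id and serves a page, while validation rejects it outright, which is easier to spot in access logs when those “malicious” URL queries show up. Binding the value with PDO::PARAM_INT keeps the query safe even if a later edit changes the column to a string type, and it does not depend on the old mysql_* functions, which were removed in PHP 7.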