I have an application that takes data via a POST request. I am using

Question

0

Asked: May 15, 20262026-05-15T15:19:38+00:00 2026-05-15T15:19:38+00:00

I have an application that takes data via a POST request. I am using

0

I have an application that takes data via a POST request. I am using this data to insert a new row into the database. I know that using mysql_real_escape_string() (plus removing % and _) is the way to go for strings, but what about integer values? Right now, I am using the PHP function intval() on them.

However, I wanted to make sure that intval() is perfectly safe. I can’t see a way of an attacker preforming a SQL injection attack when the variables are run through intval() first (since it always returns an integer), but I wanted to make sure this is the case from people that have more experience than I.

Thanks.

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-15T15:19:39+00:00

Editorial Team

2026-05-15T15:19:39+00:00Added an answer on May 15, 2026 at 3:19 pm

Yes, intval() is safe. There is absolutely no way to perform an SQL injection when the parameter is converted to integer, because (obviously) the format of an integer does not allow putting SQL keywords (or quotes, or whatever) in it.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I have an application that takes data via a POST request. I am using

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply