I’m using PDO, and my $_POST[‘arraywithdata’] is an array filed with numeric values. I

Question

0

Asked: May 26, 20262026-05-26T03:38:23+00:00 2026-05-26T03:38:23+00:00

I’m using PDO, and my $_POST[‘arraywithdata’] is an array filed with numeric values. I

0

I’m using PDO, and my $_POST['arraywithdata'] is an array filed with numeric values. I think that this is not enough secure, I just wan’t to be sure and prevent myself from a hack.

This is my code:

$arr = $_POST['arraywithdata'];
$SQL->query("UPDATE `data_s` SET `set` = 1 WHERE `id` IN " . implode(", ", $arr));

As you can see, I’m not checking if the post code in a int or something.

Should I rather use something like:

implode(", ", (int) $arr)

?

I guess the above will not work, since array can not be an integer.

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-26T03:38:24+00:00

Editorial Team

2026-05-26T03:38:24+00:00Added an answer on May 26, 2026 at 3:38 am

You need to convert each value of the array and not the array itself. You can use array_map to do so:

implode(", ", array_map('intval', $arr))

Here array_map will apply intval to each value of $arr and return a new array with the return values.

But as you’re using PDO, you might also be interested in a PDO solution.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I’m using PDO, and my $_POST[‘arraywithdata’] is an array filed with numeric values. I

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply