Home/ Questions/Q 6900441
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-27T07:32:47+00:00

is it safe to use cast (int) instead of escaping? class opinion { function

  • 0

is it safe to use cast (int) instead of escaping?

class opinion
{
   function loadbyopinionid($opinionid){
      $opinionid=(int)$opinionid;
      mysql_query("select * from fe_opinion where opinionid=$opinionid");
      //more code 
   }
}
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    mysql_real_scape_string is for STRINGS. it will not make an integer ‘safe’ for use. e.g.

    $safe = mysql_real_escape_string($_GET['page']);

    will do NOTHING where

    $_GET['page'] = "0 = 0";

    because there’s no SQL metacharacters in there. your query would end up something like

    SELECT ... WHERE somefield = 0 = 0

    However, doing intval() will convert that 0=0 into a plain 0.

    • 0