So I was wondering is this enough to be safe that user won’t do

Question

0

Asked: May 15, 20262026-05-15T12:30:39+00:00 2026-05-15T12:30:39+00:00

So I was wondering is this enough to be safe that user won’t do

0

So I was wondering is this enough to be safe that user won’t do any SQL injections and the number will be only and always integer? The $id in getArticle function is binded to SQL query.

<?php $id = (isset($_GET['id']) && is_int((int)$_GET['id'])) ? (int)$_GET['id'] : false ?>
<?php $news = $class->getArticle($id) ?>

As far I tested it worked fine, but as I’m not totally sure I rather ask you guyz!
Ok, people say prepared statements would do the trick. They really would? Like, can I be totally sure that if bind param as integer it will be integer nothing else?

Thanks in advance!

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-15T12:30:40+00:00

Editorial Team

2026-05-15T12:30:40+00:00Added an answer on May 15, 2026 at 12:30 pm

You can simply type cast them to proper type:

$number = intval($_GET['id']);
$string = mysql_real_escape_string(strval($_GET['str']));

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

So I was wondering is this enough to be safe that user won’t do

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply