Home/ Questions/Q 5989633
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-22T23:07:47+00:00

Some may know that PHP methods can be remotely invoked from Flash. Sometimes the

  • 0

Some may know that PHP methods can be remotely invoked from Flash.
Sometimes the input parameter of a remote PHP method is an array of integers.
Because PHP is dynamically typed an attacker can pass an array of anything.
The array of integers has to be used in a SQL query.
At the moment I’m preventing injection like this:

foreach ($unsafeArray as $value)
    $safeArray[] = (int)$value;

What would you recommend? Maybe I should start using Java 😀

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You could use this: $aSafeArray = array_map('intval', $aUnsafeArray); to make sure all passed values are an integer.

    My advice would be to start using prepared statements!
    Example:

    $o->bindParam(':anint', $iInt, PDO::PARAM_INT);
    • 0