Home/ Questions/Q 8504091
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-11T01:55:52+00:00

Which if the folowing lines is better to use for making sure my code

  • 0

Which if the folowing lines is better to use for making sure my code is more secure. Should I be using the settype function of the filter_var functions?

settype($number,'integer')

or

filter_var($number, FILTER_SANITIZE_NUMBER_INT);

Thanking You

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    As the documentation says about FILTER_SANITIZE_NUMBER_INT:

    Remove all characters except digits, plus and minus sign.

    So if you are expecting for instance, an ID to be used in a SQL query, I would go with a regular expression to check that I only have digits /^[0-9]+$/. Because FILTER_SANITIZE_NUMBER_INT would allow -12 which would not make sense in this context.

    The main difference between filter_var and settype is that one will parse the variable as a string, and return a string, and the other will cast it to an integer.

    $string = "+12";
var_dump(filter_var($string, FILTER_SANITIZE_NUMBER_INT));
settype($string, "integer");
var_dump($string);

    Output:

    string(3) "+12"
int(12)

    So it really depends on the context.

    • 0