Menu
could i safely assume (if i'm just GETting an id number) that is_numeric is good enough to thwart sql injection attacks? or is there sql injection methods that can pass through is_numeric?
948
You'd be better served to just do:
$id = isset($_GET['id']) ? (int) $_GET['id'] : 0;
This way you can avoid the is_numeric function overhead. Either method is sufficient to avoid injection, though (as long as you do something to the data if is_numeric returns FALSE). The ternary operator also makes sure you don't get an E_NOTICE if the $_GET variable in question doesn't exist.
89
No, there isn't. However, remind, that for example is_numeric('0xaf5') == true, thus its maybe not enough according what you want to achieve.
44
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
