usage of intval & real_escape_string when sanitizing integers
Posted by paulus on Stack Overflow, published on 2011-11-21T01:42:48Z
Dear all,
I'm using integer PKs in some tables of a MySQL database. Before input from a PHP script, I am doing some sanitizing, which includes intval($id) and $mysqli->real_escape_string().
The queries are quite simple:
insert into `tblproducts`(`supplier_id`,`description`) values('$supplier_id','$description')
In this example, $description goes through real_escape_string(), while $supplier_id only being intval()'ed.
I'm just curious if there are any situations when I need to apply both intval and real_escape_string to an integer I'm inserting into the DB. So basically, do I really need to use
$supplier_id = intval($mysqli->real_escape_string($supplier_id));
Thank you.
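Added example (not code from the question or from Stack Overflow): it shows why intval() by itself already removes anything real_escape_string() could change, where intval() is weaker than people expect as a validator (it silently truncates "42abc" to 42 and saturates oversized numbers at PHP_INT_MAX), and how a prepared statement with a typed bind makes the whole question moot. The helper needs_sql_escaping(), the strict validator, the sample inputs and the MYSQL_* environment variables are all assumptions introduced here so the script runs offline; the insert only runs when MYSQL_HOST is set.

```php
<?php
declare(strict_types=1);
// Added example, not from the original question. Run with: php intval_demo.php

// Characters mysqli::real_escape_string() rewrites: NUL, \n, \r, backslash,
// single quote, double quote and Ctrl-Z. Helper is an assumption for this demo.
function needs_sql_escaping(string $s): bool
{
    return preg_match('/[\x00\n\r\\\\\'"\x1a]/', $s) === 1;
}

// What the question's code does: coerce untrusted input with intval().
// Prevents injection, but does not reject malformed input.
function sanitize_id_intval(mixed $raw): int
{
    return intval($raw);
}

// Stricter alternative: accept only a whole positive decimal integer,
// return null for anything else so the caller can reject the request.
function sanitize_id_strict(mixed $raw): ?int
{
    $v = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $v === false ? null : $v;
}

// Recommended fix: a prepared statement with a typed bind.
// 'i' binds an integer, 's' a string; no escaping is needed for either.
function insert_product(mysqli $db, int $supplierId, string $description): int
{
    $stmt = $db->prepare(
        'INSERT INTO `tblproducts` (`supplier_id`, `description`) VALUES (?, ?)'
    );
    $stmt->bind_param('is', $supplierId, $description);
    $stmt->execute();
    return (int) $stmt->insert_id;
}

// Constructed sample inputs, including classic injection attempts.
$samples = [
    '42',
    ' 42 ',
    '42abc',
    "1' OR '1'='1",
    '1; DROP TABLE tblproducts',
    '-7',
    '99999999999999999999999',
    '',
];

foreach ($samples as $raw) {
    $i = sanitize_id_intval($raw);
    // After intval() the value is an int; its decimal form contains only
    // digits and an optional minus sign, so escaping it would be a no-op.
    if (needs_sql_escaping((string) $i)) {
        throw new LogicException('intval() result unexpectedly needs escaping');
    }
    printf("%-30s intval=%-22s strict=%s\n",
        var_export($raw, true),
        var_export($i, true),
        var_export(sanitize_id_strict($raw), true));
}

// Only attempt a real insert when connection details are supplied
// (assumed environment variables, not part of the question).
if (getenv('MYSQL_HOST') !== false) {
    $db = new mysqli(
        getenv('MYSQL_HOST'),
        getenv('MYSQL_USER') ?: null,
        getenv('MYSQL_PASS') ?: null,
        getenv('MYSQL_DB') ?: null
    );
    $supplierId = sanitize_id_strict($_POST['supplier_id'] ?? '');
    if ($supplierId === null) {
        http_response_code(400);
        exit("invalid supplier_id\n");
    }
    $newId = insert_product($db, $supplierId, (string) ($_POST['description'] ?? ''));
    echo "inserted row {$newId}\n";
}
```

Wrapping intval() in real_escape_string() therefore gains nothing: escaping runs on the raw string first and intval() then discards everything that is not part of a leading integer, so the order of the two calls does not even matter. What intval() does not give you is validation; if a supplier_id of "42abc" or an empty string should be an error rather than 42 or 0, use the strict variant. The prepared statement is the version to keep, because the driver sends the integer and the description as typed parameters rather than as text spliced into SQL.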