usage of intval & real_escape_string when sanitizing integers

Posted by paulus on Stack Overflow See other posts from Stack Overflow or by paulus
Published on 2011-11-21T01:42:48Z Indexed on 2011/11/21 1:50 UTC
Read the original article Hit count: 190

Filed under:
|
|

dear All.

I'm using integer PKs in some tables of mysql database. Before input from PHP script, I am doing some sanitizing, which includes intval($id) and $mysqli->real_escape_string().

The queries are quite simple

insert into `tblproducts`(`supplier_id`,`description`) values('$supplier_id','$description')

In this example, $description goes through real_escape_string(), while $supplier_id only being intval()'ed.

I'm just curious, if there're any situations, when I need to apply both intval and real_escape_string to integer I'm inserting into DB? So basically do I really need to use?

$supplier_id = intval($mysqli->real_escape_string($supplier_id));

Thank you.

© Stack Overflow or respective owner

Related posts about php

Related posts about mysql