DEVHIDE
Login Or Sign up

is_numeric($str) for database queries

109 Views Asked by At

Basically my question is, if I have a number string, and i'm going to compare it to the database, is that a secure/safe way to check. Or should I just escape my number variables aswell as my strings (like I already do)?

Example:

<?php
    $id = $_POST['id'];
    if(is_numeric($id)){
        //database connectivity.    
    }
?>
php sql database isnumeric
Original Q&A
2

There are 2 best solutions below

0
On BEST ANSWER

"Database" is pretty general, so I'll assume you're using MySQL. It's safe so long as when you insert $id into the query it is escaped (either with mysql_real_escape_string or preferably a prepared statement).

0
On

"Select from Tbl where Id = '". (int)$_POST['id'] ."'"

Related Questions in PHP

Related Questions in SQL

Related Questions in DATABASE

Related Questions in ISNUMERIC

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Popular Questions

Copyright © 2021 Jogjafile Inc.