Bugtraq mailing list archives

Re: MySQL (was Re: Notice about seconds overroll - S7K bug)


From: Radu Rendec <radu.rendec () ines ro>
Date: Mon, 17 Sep 2001 15:34:48 +0300

On Sun, 16 Sep 2001 16:24:30 -0400 (EDT)
Dennis Murphy <dmurphy () nbvb com> wrote:

DM> The way I dealt with this in PHP is by writing a function to validate input
DM> (i.e. Make sure there's nothing but an integer coming in as a parameter).
DM> There's probably a half-dozen ways to rewrite this function more efficiently,
DM> but at least it works...

If speed is a concern, there are faster methods to validate GET/POST data.
One is to cast to int in PHP, like:

$query="select * from my_table where id=".((int)$id);

However, there might be a problem if int is internally represented in
lower precision in PHP than it is in SQL. Another method is to enclose the
variable contents in quotes:

$query="select * from my_table where id='".addslashes($id)."'";

--
Radu Constantin Rendec
Web Solutions Manager
iNES Advertising ( http://www.ines.ro )
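Added example (not code from Radu's post): the two approaches he describes, the int cast and quoting with addslashes(), applied to constructed sample inputs so that the truncation and precision behaviour of the cast is visible, plus a stricter digits-only check as a third option. Table and column names are hypothetical.

```php
<?php
// Method 1 from the post: cast the parameter to int. Anything that is not a
// leading integer becomes 0 or is truncated, so no SQL metacharacters survive,
// but a value wider than PHP's integer range is clamped to PHP_INT_MAX/MIN and
// the query silently looks up a different id than the one supplied.
function query_by_int_cast(string $id): string {
    return "select * from my_table where id=" . ((int)$id);
}

// Method 2 from the post: quote the value and escape quotes and backslashes.
// Keeps the full string (so the precision problem goes away) but the safety
// of the query now depends entirely on the escaping being complete.
function query_by_quoting(string $id): string {
    return "select * from my_table where id='" . addslashes($id) . "'";
}

// Added variant: accept only ASCII digits and reject everything else, which
// avoids both the cast's silent truncation and reliance on escaping. Returns
// null for bad input so the caller can refuse the request instead of querying.
function query_strict_digits(string $id): ?string {
    if (!preg_match('/^[0-9]+$/', $id)) {
        return null;
    }
    return "select * from my_table where id='" . $id . "'";
}

// Constructed sample parameters covering the interesting cases.
$samples = [
    "42",                     // ordinary id
    "42abc",                  // trailing garbage: cast truncates, strict rejects
    "abc",                    // not numeric: cast yields 0, strict rejects
    "12'34",                  // quote character: cast truncates, quoting escapes
    "99999999999999999999",   // wider than a 64-bit PHP int: cast clamps
];

foreach ($samples as $s) {
    printf("%-26s cast:   %s\n", var_export($s, true), query_by_int_cast($s));
    printf("%-26s quoted: %s\n", "", query_by_quoting($s));
    printf("%-26s strict: %s\n", "", query_strict_digits($s) ?? "rejected");
}
```

Run it with `php` from the command line to compare the three generated queries per input; the last sample shows the precision mismatch Radu mentions, since the cast cannot represent an id that a SQL BIGINT UNSIGNED column could hold.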

