Bugtraq mailing list archives
RE: MySQL (was Re: Notice about seconds overroll - S7K bug)
From: "Rowan Kerr" <rowan () icebergmedia com>
Date: Mon, 17 Sep 2001 16:10:14 -0400
DM> (i.e. Make sure there's nothing but an integer coming in as a parameter).
One is to cast to int in PHP, like: $query="select * from my_table where id=".((int)$id);
It's a small point, but if you're using PHP, there is already an intval() function that can be used to see if input really is an integer. If you don't have a number, it returns 0.

--rowan
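An added example, not part of the original message, that puts the intval() coercion discussed above next to strict validation of the same inputs. The helper names and sample inputs are constructed for illustration, and filter_var() with FILTER_VALIDATE_INT is brought in here as the validating alternative; my_table and id are the names from the quoted query.

```php
<?php
// Added example: helper names and sample inputs are constructed.

// Coercion: always yields an int, so the concatenated query stays
// well-formed, but malformed input silently becomes some number.
function coerce_id($raw): int
{
    return intval($raw);
}

// Validation: returns the int only when the whole value is a decimal
// integer, otherwise null so the caller can reject the request.
function validate_id($raw): ?int
{
    $v = filter_var($raw, FILTER_VALIDATE_INT);
    return $v === false ? null : $v;
}

// Constructed inputs: clean ids, non-numeric text, and numbers with
// trailing text appended.
$samples = ['42', '0', 'abc', '42abc', '1 OR 1=1', '-3', ''];

foreach ($samples as $raw) {
    $coerced   = coerce_id($raw);
    $validated = validate_id($raw);

    printf(
        "%-12s intval=%-4d validated=%s\n",
        var_export($raw, true),
        $coerced,
        $validated === null ? 'rejected' : (string) $validated
    );

    if ($validated === null) {
        // Reject instead of querying with a guessed id. Note that
        // intval() gives 0 for both 'abc' and a genuine '0', so the
        // return value alone cannot tell the two apart.
        continue;
    }

    // Only an int ever reaches the SQL text.
    $query = "select * from my_table where id=" . $validated;
    echo "  query: $query\n";
}
```

Either helper keeps non-integer text out of the query; the difference is whether a malformed id is rejected or quietly mapped to a row the caller never asked for.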
Current thread:
- MySQL (was Re: Notice about seconds overroll - S7K bug) Dennis Murphy (Sep 16)
- Re: MySQL (was Re: Notice about seconds overroll - S7K bug) Radu Rendec (Sep 17)
- <Possible follow-ups>
- RE: MySQL (was Re: Notice about seconds overroll - S7K bug) Rowan Kerr (Sep 17)