MemphiS Posted November 1, 2008

    if (isset($_POST['submit']) && is_numeric($_POST['cost'])) {
        $cost = (int) $_POST['cost'];
    }

Is this fine for entering $cost into a database without any risk of hacking? Or do I need to secure $cost anymore?

Also, when using switch, is it fine to place MySQL queries within the cases?

Just want to double check my work before uploading it live.

Link to comment: https://forums.phpfreaks.com/topic/130975-variable-security/

Garethp Posted November 1, 2008

    $cost = (int) mysql_real_escape_string($_POST['cost']);

wildteen88 Posted November 1, 2008

    $cost = (int) mysql_real_escape_string($_POST['cost']);

mysql_real_escape_string should only be used on strings to make them safe for insertion. If all you want is a number then the OP code should be sufficient.

MemphiS (Author) Posted November 1, 2008

Thanks for both your responses. Didn't need to use mysql_real_escape_string(); for the purpose I was using it for.
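
Added example, not part of the original thread: the is_numeric() plus (int) check from the first post run against constructed inputs, next to a stricter filter_var() check and a bound query parameter. The helper names op_cost and strict_cost, the 0 to 1000000 range, the items table, and the use of PDO with in-memory SQLite (in place of the thread's mysql_* functions) are assumptions.

```php
<?php
// Added example: constructed inputs, hypothetical helper and table names.

// The check from the original post: is_numeric() gate, then an int cast.
function op_cost($raw) {
    return is_numeric($raw) ? (int) $raw : null;
}

// Stricter alternative: whole numbers only, within an assumed range.
function strict_cost($raw) {
    $opts = ['options' => ['min_range' => 0, 'max_range' => 1000000]];
    $v = filter_var($raw, FILTER_VALIDATE_INT, $opts);
    return $v === false ? null : $v;   // "0" is valid, so compare with ===
}

// Constructed sample values standing in for $_POST['cost'].
$samples = ['42', '0', '-5', '1.9', '1e3', '5 OR 1=1', ''];

// The cast always yields an integer, but is_numeric() also lets through
// signs, decimals and exponent notation that the cast then coerces.
foreach ($samples as $raw) {
    printf("%-12s op=%-6s strict=%s\n",
        var_export($raw, true),
        var_export(op_cost($raw), true),
        var_export(strict_cost($raw), true));
}

// Binding the value as a typed parameter keeps it out of the SQL text.
// In-memory SQLite (pdo_sqlite extension) so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE items (cost INTEGER NOT NULL)');
$stmt = $db->prepare('INSERT INTO items (cost) VALUES (:cost)');

foreach ($samples as $raw) {
    $cost = strict_cost($raw);
    if ($cost === null) {
        continue;                      // reject instead of storing a coerced value
    }
    $stmt->bindValue(':cost', $cost, PDO::PARAM_INT);
    $stmt->execute();
}
echo 'rows stored: ', $db->query('SELECT COUNT(*) FROM items')->fetchColumn(), "\n";
```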