MemphiS Posted November 1, 2008

    if (isset($_POST['submit']) && is_numeric($_POST['cost'])) {
        $cost = (int) $_POST['cost'];
    }

Is this fine for entering $cost into a database without any risk of hacking? Or do I need to secure $cost any more?

Also, when using switch, is it fine to place MySQL queries within the cases?

Just want to double check my work before uploading it live.

Garethp Posted November 1, 2008

    $cost = (int) mysql_real_escape_string($_POST['cost']);

wildteen88 Posted November 1, 2008

    $cost = (int) mysql_real_escape_string($_POST['cost']);

mysql_real_escape_string should only be used on strings to make them safe for insertion. If all you want is a number then the OP code should be sufficient.

MemphiS (Author) Posted November 1, 2008

Thanks for both your responses. Didn't need to use mysql_real_escape_string(); for the purpose I was using it for.
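
Added example (not part of the thread): the check from the original post run beside a stricter one on constructed inputs. is_numeric() also accepts negative, decimal and exponent strings, so the cast removes the injection risk but still lets unwanted values through. The table `items`, the cost range, the helper `parse_cost` and the in-memory SQLite database are assumptions.

```php
<?php
// Added example, not code from the thread. The table `items`, its columns
// and the 0..1000000 range are assumptions made for illustration.

// Returns the cost as an int, or null when the input is not a plain
// non-negative integer within the allowed range.
function parse_cost($raw, int $max = 1000000): ?int
{
    if (!is_string($raw)) {
        return null; // arrays (cost[]=1) and missing fields are rejected
    }
    $value = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 0, 'max_range' => $max],
    ]);
    return $value === false ? null : $value;
}

// Constructed sample inputs: values a client could send as $_POST['cost'].
$samples = ['25', '-5', '12.9', '1e3', '', 'abc', ['1']];

// In-memory SQLite stands in for the real database (assumes pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, cost INTEGER NOT NULL)');
$insert = $db->prepare('INSERT INTO items (cost) VALUES (:cost)');

foreach ($samples as $raw) {
    // The check from the original post, shown for comparison.
    $old = is_numeric($raw) ? (int) $raw : null;
    // The stricter check: digits only, within the allowed range.
    $new = parse_cost($raw);

    printf(
        "%-8s is_numeric+cast: %-6s strict: %s\n",
        json_encode($raw),
        var_export($old, true),
        var_export($new, true)
    );

    if ($new !== null) {
        // The value travels as a bound parameter, never as query text.
        $insert->bindValue(':cost', $new, PDO::PARAM_INT);
        $insert->execute();
    }
}

printf("rows stored: %d\n", $db->query('SELECT COUNT(*) FROM items')->fetchColumn());
```
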
This topic is now archived and is closed to further replies.