[SOLVED] question about (int)

[Reaper0167]

is it good habbit to always use (int) for the examples below.

 

$var = (int)$_GET['id'];

 

$var = (int)$_SESSION['id'];

 

Basically what I am asking is if there is a variable in the script and it is suppose to be a number, should I have the (int) in there for security purposes?

[Andy-H]

Yes...

[natepizzle]

I don't think you need to cast the session id as an integer.

[Reaper0167]

That was kinda my question, thanks for the replies. Basically just when retrieving variables from the url then.?

[natepizzle]

POST too

[JasonLewis]

Well it depends, basically, the (int) is typecasting any variable to be an integer. So, if $_GET['id'] were to be a word, I'm pretty sure it would end up being 0.

 

If you want to do error checking, your better off using is_numeric() to see if the variable is a number, or even is_int(). Check them both out and see which would suite you better.

[Andy-H]

I personally use it if the variable is storing user input which should be type integer, so if I use get data I do this:

 

$int = (int)$_GET['id'];

 

But if its not user inputted data it doesn't matter unless its logical to change a variables type like:

$string = '3.147';
$int = (int)$string;
$myInt = 100;

 

Obviously with some logic in it too.

 

Also I dont know if (int) assumes signed or unsigned int but i think it allows 0. Would be good to look into tho if you dont wish to allow negatives or w.e.