chocopi Posted June 24, 2007 Share Posted June 24, 2007 I know that using $_GET can be dangerous if you are not careful, I was wondering if it would be safe just to use is_numeric() ? As I only want for numerical values to be passed through $_GET would it be safe to use is_numeric() or should I take other procautions ? Thanks ~ Chocopi Link to comment https://forums.phpfreaks.com/topic/56940-solved-saftey-using-_get/ Share on other sites More sharing options...
trq Posted June 24, 2007 Share Posted June 24, 2007 I'de use sprintf or maybe even type casting. As far as I know, anything coming through $_GET is actually a string. Link to comment https://forums.phpfreaks.com/topic/56940-solved-saftey-using-_get/#findComment-281255 Share on other sites More sharing options...
chocopi Posted June 24, 2007 Author Share Posted June 24, 2007 kool thanks, but how would I only allow for numbers ? or would it be formatted so that it is treated all as a interger ? ~ Chocopi Link to comment https://forums.phpfreaks.com/topic/56940-solved-saftey-using-_get/#findComment-281258 Share on other sites More sharing options...
trq Posted June 24, 2007 Share Posted June 24, 2007 <?php // either. $num = sprintf("%d",$_GET['key']); // or $num = (int) $_GET['key']); ?> Of course you could also use preg_match <?php $num = preg_match('[0-9]',$_GET['key']); ?> Link to comment https://forums.phpfreaks.com/topic/56940-solved-saftey-using-_get/#findComment-281260 Share on other sites More sharing options...
chocopi Posted June 24, 2007 Author Share Posted June 24, 2007 Cheers Thanks Thorpe Link to comment https://forums.phpfreaks.com/topic/56940-solved-saftey-using-_get/#findComment-281262 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.