Menu
Community /Pin to ProfileBookmark
@NogDogMar 08.2007 — #If the ID column is an integer, just cast the value from the URL to an integer:
@NogDogMar 08.2007 — #Basically, it will read characters from the start of the value until it reaches something that is not a digit. For example:
This will output:
Need help securing following code (SQL injection)
Hello! I’ve got a nicely written up MySQL class and a bit of code that gets information from the DB (query with a WHERE id=$id). How can I get the $id from the url? I know I can achieve this with a $_GET[“id”] but I want it to be secure against SQL injection. How can I achieve this? Is there any way of doing this in OOP style? Looking forward to replies!
Thanks,
Sam Granger
Sign in
to post a comment5 Comments(s) ↴
0
@NogDogMar 08.2007 — #If the ID column is an integer, just cast the value from the URL to an integer:[code=php]
$id = (int) $_GET['id'];
[/code]0
@NogDogMar 08.2007 — #Basically, it will read characters from the start of the value until it reaches something that is not a digit. For example:[code=php]
<?php
$test = array("1;DELETE FROM users WHERE 1", 12.999, 'foobar');
foreach($test as $string)
{
echo (int) $string ."<br>";
}
?>
[/code]This will output:
<i>
</i>1
12