> > Then make sure $id is a number. You can use is_int, or (int), or > whatever. > > It appears that any numeric values passed via the URL (..?param=10001) are > automatically treated as strings. If I pass ?param=1001 to the following > script...
So turn it into an integer. $param = (int)$_POST['param']; It'll be turned into an integer or anything after a string part will be chopped off. 10001 => 10001 1000f => 1000 f1000 => 0 Validating can be that simple. You may also want to check the range of the number. Again, validating is unique to your application. What do you expect the value to be? If the value is XXX, how does that affect my application? ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php