> > Then make sure $id is a number. You can use is_int, or (int), or
> whatever.
> It appears that any numeric values passed via the URL (..?param=10001)
> automatically treated as strings. If I pass ?param=1001 to the
> script...

So turn it into an integer.

$param = (int)$_POST['param'];

It'll be turned into an integer or anything after a string part will be
chopped off.

10001 => 10001
1000f => 1000
f1000   => 0

Validating can be that simple. You may also want to check the range of
the number. Again, validating is unique to your application. What do you
expect the value to be? If the value is XXX, how does that affect my

---John Holmes...

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to