Re: [PHP] sanitizing/security

2004-12-18 Thread John Holmes
> From: "Sebastian" <[EMAIL PROTECTED]>
> just a question, what is the best way to sanitize your scripts when you're
> using $_GET or $_REQUEST in a query?
>
> eg, i usually just do:
>
> if(is_numeric($_REQUEST['id']))
> {
> mysql_query("SELECT id FROM table WHERE
> id=".intval($_REQUEST['id

Re: [PHP] sanitizing/security

2004-12-18 Thread Robert Cummings
On Sat, 2004-12-18 at 22:50, Sebastian wrote:
> just a question, what is the best way to sanitize your scripts when you're
> using $_GET or $_REQUEST in a query?
>
> eg, i usually just do:
>
> if(is_numeric($_REQUEST['id']))
> {
> mysql_query("SELECT id FROM table WHERE
> id=".intval($_REQUES

[PHP] sanitizing/security

2004-12-18 Thread Sebastian
just a question, what is the best way to sanitize your scripts when you're using $_GET or $_REQUEST in a query? eg, i usually just do: if(is_numeric($_REQUEST['id'])) { mysql_query("SELECT id FROM table WHERE id=".intval($_REQUEST['id']).""); } what about when the GET is text? just use htmls