MarathonStudios

Reputation: 4321

Convert querystring to int in PHP

Working on my first PHP site (I'm mainly an ASP programmer), and I need to convert a querystring variable into a number I can then use to query a database. What's the best way to convert to a usable int (I tried intval() already but I keep getting 0 as a result) and also validate it (AKA no single quotes, blah blah) in PHP?

Upvotes: 0

Views: 1674

Answers (2)

Gus

Reputation: 7349

PHP allows for far more flexibility with types than ASP, and will convert between different types automatically.

The best way to ensure a number in your SQL is to use sprintf(), for example:

$sql = "SELECT name FROM users WHERE id = ".sprintf("%d", $_POST['userid']) ;

When inserting strings delivered by GET or POST into your SQL, you should use mysql_real_escape_string() (assuming your SQL is going to MySQL) to escape anything that needs escaping, so:

$sql = "SELECT id FROM users where name = ".sprintf("'%s'", mysql_real_escape_string($_GET['username'])) ;

Upvotes: 1
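An added example, not part of either answer: validating the query-string value as an integer and binding it into a prepared statement, rather than coercing it with intval() or sprintf("%d"), which silently turn non-numeric input into 0 or into a leading-digit prefix. It assumes PDO with the SQLite driver and an in-memory table built for the demo; `parse_id()` is a hypothetical helper name, and the query strings are constructed sample input.

```php
<?php
// Hypothetical helper: returns a positive integer id, or null when the raw
// value is missing, not a whole number, or below 1.
function parse_id($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Constructed in-memory table standing in for the real database (assumption).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO users (id, name) VALUES (42, 'alice')");

// The id travels as a bound parameter, never as part of the SQL text.
$stmt = $pdo->prepare('SELECT name FROM users WHERE id = :id');

// Constructed query strings, parsed the same way PHP fills $_GET.
$samples = ['userid=42', 'userid=7', 'userid=12abc', 'userid=abc', 'userid=-3', 'other=1'];

foreach ($samples as $qs) {
    parse_str($qs, $get);
    $raw = $get['userid'] ?? null;
    $id  = parse_id($raw);

    if ($id === null) {
        // Show what plain coercion would have passed on to the query instead.
        printf("%-13s rejected (intval() would give %d)\n", $qs, intval($raw));
        continue;
    }

    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $name = $stmt->fetchColumn();
    printf("%-13s id=%d name=%s\n", $qs, $id, $name === false ? '(no such user)' : $name);
}
```

In a real request handler the same check is available directly as `filter_input(INPUT_GET, 'userid', FILTER_VALIDATE_INT)`, which returns null when the parameter is absent and false when it is not an integer.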

Tomasz Kowalczyk

Reputation: 10467

You are probably trying to read input parameters for a PHP script - I would recommend using the

$_POST $_GET

arrays, as they hold all that info already parsed.

Upvotes: 0
