Input filtering in PHP

Question

I am filtering user input in this way

$id= intval($_REQUEST['id']);

I am accepting only integers in $id.

Is there anything else which i can use to make it more secure?

Thanks!

Answer 1

Just to re-iterate your question:

I am filtering user input in this way $id= intval($_REQUEST['id']); I am accepting only integers in $id. Is there anything else which i can use to make it more secure?

I think you could just do a filter True : False by using ctype_digit($id);

You are accepting only integers in $id, What is a Integer: An integer is a number that can be written without a fractional or decimal component. For example, 21, 4, and −2048 are integers; 9.75, 5½, and √2 are not integers. The set of integers is a subset of the real numbers, and consists of the natural number (1, 2, 3, ...), zero (0) and the negatives of the natural numbers (−1, −2, −3, ...). > Taken form Wikipedia

Answer 2

If you're using a sufficiently recent PHP version, you can use the filter extension to validate your input.

Answer 3

You can use filter_var

<?php
$var = filter_var('0755', FILTER_VALIDATE_INT);
?>

The nifty thing is that you can do more complex validation like that (min lenght, default value etc.), check php.net's filter_var page.