PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
I am using variables in my url with the $_GET statement which I put into a sql statement to retrieve page content from mySQL db. I wanted to prevent sql injection and I thought that as the variable will only contain numbers I could use this as my check. (If it is not a number reset the variable to the default page.)
This is my code below but it doesn't seem to work. I am not sure what I am doing wrong. The outer 'if' statement works but the inner one doesn't, it always evaluates to TRUE even with a valid number. Can anyone help? Thanks,
Values from an HTML form are always strings, even if they contain a numeric value, because the HTML form has no concept of number
Try using is_numeric instead, but watch out for values like "29 Days" which will return true for is_numeric. Most people will use a regexp to validate numeric values for this reason
Use is_numeric() for the check and then type cast to integer before inserting into the database
Set Search Time - A google chrome extension. When you search only results from the past year (or set time period) are displayed. Helps tremendously when using new technologies to avoid outdated results.