Now I'm curious
Posted: Sun Oct 16, 2005 1:09 pm
For years now when securing simple numeric types before sending to database, all I've done is simply use an explicit cast using (int) (float)
ie:
Code:
$my_int = (int)$_GET['my_int'];
A cast, I figure should return ZERO if the my_int is anything other than an integer or float.
I've tried:
Code:
$test = 'm123';
$my_int = (int)$test;
It should yield ZERO...
So the way I see it explicit casting should be a safe way to sterilize numeric input from users...
Any objections, comments, etc...?
Cheers
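An added example, not part of the original post: it runs the `(int)` cast from the post and a strict validator side by side over constructed inputs and prints what each one returns. The helper name `strict_int` and the sample values are assumptions made for illustration; PHP 8 is assumed for the `mixed` type.

```php
<?php
declare(strict_types=1);

// Constructed sample inputs, as they could arrive in $_GET['my_int'].
// The last one models a request such as ?my_int[]=1, which PHP turns into an array.
$samples = ['42', 'm123', '123abc', '1e3', '', '-5', ['1']];

/**
 * Hypothetical helper: return the integer only when the whole input is a
 * string that FILTER_VALIDATE_INT accepts and it lies within [$min, $max];
 * return null for everything else so the caller can reject the request.
 */
function strict_int(mixed $raw, int $min = PHP_INT_MIN, int $max = PHP_INT_MAX): ?int
{
    if (!is_string($raw)) {
        return null; // arrays and other non-string values are rejected outright
    }
    $value = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => $min, 'max_range' => $max],
    ]);
    return $value === false ? null : $value;
}

foreach ($samples as $raw) {
    // For strings and arrays the cast always produces some integer,
    // so it cannot signal that the input was malformed.
    $cast = (int) $raw;

    // The validator separates "valid integer" from "reject this input".
    $strict = strict_int($raw);

    printf(
        "input=%-10s cast=%-6d strict=%s\n",
        json_encode($raw),
        $cast,
        $strict === null ? 'REJECT' : (string) $strict
    );
}
```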