The term "better safe than sorry" applies.
Use
Code: Select all
$total = (int) $_POST["price1"] * (int) $_POST["qty1"];
If any of the POST variables contain anything but a number it will result in an integer as a result. Actually you may not even need the (int) casts...
If the total will be used to perform an action, i.e. effect real change. It might be better to error out and force the user to correct the problem in their form. This is relevant since an integer cast can reduce a string (say "23iambad!") to the leading integer 23. This result of type juggling (as the PHP calls it) can cause unexpected results, that a user probably does not intend in the case of a genuine mistake on their part. The larger the impact a mistake will have, the more you want to avoid PHP's finnicky type casting.
This is one of the reasons I usually advise against attempting to fix user mistakes where the resulting fix has a probability of not matching the original intent of the user.