Greetings to all who have entered

$_GET["id"] = (int)$_GET["id"]; 

Actually, there is htmlspecialchars. For special paranoids like me there is (int). Are there any other commands similar to (int) that affect the value of a variable? Suppose something like:

 $_GET["id"] = (abcdeабвгд)$_GET["id"]; // keep only letters 

P.S. If not, then say so.

  • preg_match is a universal option. Only it is not for paranoids, but for people who think about the security of data received from the user. - ReinRaus
  • 2
    Still, as an option, less versatile but ready-made: filters - xEdelweiss
  • You can write different type conversions, like the int you wrote. For escaping, besides htmlspecialchars there is also mysql_real_escape_string($user), which works only with quotes. If you only need letters, use a regular expression as written above. - IVsevolod
  • 3
    For the thousandth time, one can say: use PDO, and many paranoid psychoses will leave you. )) - Deonis
  • 1
    @ReinRaus, and is casting protection? - Deonis

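The options named in the comments (a cast, `preg_match`-style regular expressions, filters, PDO, `htmlspecialchars`), put side by side as an added example that is not part of the original thread. The sample input, the function names and the `users` table are assumptions made for illustration, and the last part assumes the pdo_sqlite extension is loaded.

```php
<?php
declare(strict_types=1);

// Constructed sample request values standing in for $_GET.
$get = ['id' => '12abc', 'name' => 'abcde-абвгд<b>1'];

// Coercion: (int) never fails. A numeric prefix followed by junk is
// silently truncated to the prefix instead of being rejected.
$coerced = (int)$get['id'];

// Validation (filters): the whole value must be an integer >= 1, else null.
function valid_id(string $raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// The "letters only" cast from the question, done with a regular expression.
// /u treats the input as UTF-8; \p{L} matches a letter in any script.
function keep_letters(string $raw): string
{
    // preg_replace returns null on invalid UTF-8; treat that as empty.
    return preg_replace('/[^\p{L}]+/u', '', $raw) ?? '';
}

// Stricter variant: reject instead of repair. \A and \z anchor the whole
// string ($ would also accept a trailing newline).
function is_letters(string $raw): bool
{
    return preg_match('/\A\p{L}+\z/u', $raw) === 1;
}

var_dump($coerced, valid_id($get['id']), valid_id('12'));
var_dump(keep_letters($get['name']), is_letters($get['name']));

// PDO: the value travels as a bound parameter, never as SQL text.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO users VALUES (12, 'abcde')");
$stmt = $pdo->prepare('SELECT name FROM users WHERE id = :id');
$stmt->bindValue(':id', valid_id('12'), PDO::PARAM_INT);
$stmt->execute();

// Escape at output time, where the HTML context is known.
echo htmlspecialchars((string)$stmt->fetchColumn(), ENT_QUOTES, 'UTF-8'), "\n";
```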