[22669] in bugtraq
RE: MySQL (was Re: Notice about seconds overroll - S7K bug)
daemon@ATHENA.MIT.EDU (Rowan Kerr)
Mon Sep 17 16:48:03 2001
Date: Mon, 17 Sep 2001 16:10:14 -0400
Message-ID: <469B2962EDFDE24CA16847F0D11DE0A60AE596@exchice.icebergmedia.local>
From: "Rowan Kerr" <rowan@icebergmedia.com>
To: <bugtraq@securityfocus.com>
DM> (i.e. Make sure there's nothing but an integer coming in as a parameter).
> One is to cast to int in PHP, like:
> $query="select * from my_table where id=".((int)$id);
It's a small point, but if you're using PHP,
there is already an intval() function that can
be used to see if input really is an integer.
If you don't have a number, it returns 0.
--rowan
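
Added example, not part of the original message: both `(int)` and `intval()` coerce rather than validate, so `"12abc"` becomes 12 and non-numeric input becomes 0, which cannot be told apart from a real 0. The script below compares that with a strict check plus a bound parameter; `parse_id()` and `find_row()` are hypothetical helpers, the inputs are constructed, and an in-memory SQLite database stands in for MySQL (assumes positive ids and the pdo_sqlite extension).

```php
<?php
// Added example; inputs below are constructed samples, not from the thread.

// Strict validation: the whole string must be a decimal integer >= 1
// (assumption: row ids are positive). Returns null on anything else.
function parse_id($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Hypothetical lookup helper: validates, then binds the id as a typed
// parameter so the value is never concatenated into the SQL text.
function find_row(PDO $db, $raw): ?array
{
    $id = parse_id($raw);
    if ($id === null) {
        return null;                      // reject instead of querying id 0
    }
    $stmt = $db->prepare('SELECT id, name FROM my_table WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// In-memory SQLite stands in for MySQL so the script runs offline
// (assumption: the pdo_sqlite extension is loaded).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE my_table (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO my_table (id, name) VALUES (1, 'alpha'), (12, 'beta')");

// For each constructed input, show what intval() coerces it to, what the
// strict check returns, and whether the lookup ran at all.
foreach (['12', '12abc', 'abc', '', '1 OR 1=1'] as $raw) {
    $row = find_row($db, $raw);
    printf(
        "%-10s intval=%-3d strict=%-5s row=%s\n",
        var_export($raw, true),
        intval($raw),
        var_export(parse_id($raw), true),
        $row === null ? 'none' : $row['name']
    );
}
```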