https://www.webmaster-forums.net/crss/node/1041909 en https://www.webmaster-forums.net/web-programming-and-application-development/checking-its-number-enough#comment-1233388 <p>Curse you for being faster than me pr0gr4mm3r, you said exactly what I was going to. <img src="https://www.webmaster-forums.net/misc/smileys/smile.png" title="Smiling" alt="Smiling" class="smiley-content" /></p> <p>Personally I love how <a href="http://api.drupal.org/api/function/db_query/6">Drupal does data sanitation</a>, in a <code>printf</code> style. For example, to get Andy's user account we might run:</p> <p><div class="codeblock"><code><span style="color: #000000"><span style="color: #0000BB">&lt;?php<br />$result </span><span style="color: #007700">= </span><span style="color: #0000BB">db_query</span><span style="color: #007700">(</span><span style="color: #DD0000">"SELECT * FROM users WHERE username='%s' AND number_of_posts &gt; %d"</span><span style="color: #007700">, </span><span style="color: #DD0000">"andy206uk"</span><span style="color: #007700">, </span><span style="color: #0000BB">1000</span><span style="color: #007700">);<br /></span><span style="color: #0000BB">?&gt;</span></span></code></div></p> <p>Sanitation is part of the <code>db_query()</code> function, so you never have to worry about it. I advise you to borrow from this and create your own similar functions. <img src="https://www.webmaster-forums.net/misc/smileys/smile.png" title="Smiling" alt="Smiling" class="smiley-content" /></p> Fri, 12 Sep 2008 20:15:00 +0000 JeevesBond comment 1233388 at https://www.webmaster-forums.net https://www.webmaster-forums.net/web-programming-and-application-development/checking-its-number-enough#comment-1233385 <p>Another note, it also works for numeric strings as well</p> <p><div class="codeblock"><code><span style="color: #000000"><span style="color: #0000BB">&lt;?php<br />$var </span><span style="color: #007700">= </span><span style="color: #0000BB">2</span><span style="color: #007700">; </span><span style="color: #FF8000">//is_numeric() returns true<br /></span><span style="color: #0000BB">$var </span><span style="color: #007700">= </span><span style="color: #DD0000">"2"</span><span style="color: #007700">; </span><span style="color: #FF8000">//is_numeric() returns true<br /></span><span style="color: #0000BB">?&gt;</span></span></code></div></p> Fri, 12 Sep 2008 16:03:26 +0000 greg comment 1233385 at https://www.webmaster-forums.net https://www.webmaster-forums.net/web-programming-and-application-development/checking-its-number-enough#comment-1233382 <p>Wow - quick response!</p> <p>I'm not familiar with type casting in PHP, but I'm definitely going to read up on it now!</p> <p>Thanks!</p> Fri, 12 Sep 2008 15:05:27 +0000 andy206uk comment 1233382 at https://www.webmaster-forums.net https://www.webmaster-forums.net/web-programming-and-application-development/checking-its-number-enough#comment-1233381 <p>Yup, I will often type cast it to an integer instead of escaping it if I know it should be a number. Don't know if that saves CPU time or not, but it further cleans that piece of data.</p> <p><div class="codeblock"><code><span style="color: #000000"><span style="color: #0000BB">&lt;?php<br />$some_number </span><span style="color: #007700">= (int)</span><span style="color: #0000BB">$some_number</span><span style="color: #007700">;<br /></span><span style="color: #0000BB">?&gt;</span></span></code></div></p> Fri, 12 Sep 2008 14:58:15 +0000 pr0gr4mm3r comment 1233381 at https://www.webmaster-forums.net