
How to use mysqli_real_escape_string for $_GET['page']

I am using pagination for a guestbook and I want to protect the 'page' with real escape string. This is what I have now:

$page = (int)(!isset($_GET["page"]) ? 1 : $_GET["page"]);

I tried this but the pagination seems not to work anymore:

$page = (int)(!isset($_GET["page"]) ? 1 : mysqli_real_escape_string($_GET["page"]));

What should I do to make this work?

You don't need to do any string escaping here, because you've forced the variable to be an integer instead. Even if you turn the integer back into a string, it will only contain digits, so there is no way for anyone to inject SQL into your query.
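
The following is an added example, not part of the original question or answer. It compares the question's `(int)` cast with a stricter validation of the page number and shows the value bound as an integer parameter; `page_from_query()`, `fetch_guestbook_page()` and the `guestbook` table and its columns are hypothetical names.

```php
<?php
declare(strict_types=1);

// Added example. page_from_query(), fetch_guestbook_page() and the guestbook
// table/columns are hypothetical names, not from the original post.

/** Return a validated 1-based page number; anything unexpected becomes 1. */
function page_from_query(array $query, int $lastPage): int
{
    $raw = $query['page'] ?? '1';
    // Accept only a short run of ASCII digits (rejects arrays, signs, "2abc").
    if (!is_string($raw) || !ctype_digit($raw) || strlen($raw) > 9) {
        return 1;
    }
    // Clamp to the valid range so the OFFSET can never be negative.
    return max(1, min((int) $raw, max(1, $lastPage)));
}

/** Fetch one page of entries with the numbers bound as integer parameters. */
function fetch_guestbook_page(mysqli $db, int $page, int $perPage = 10): array
{
    $offset = ($page - 1) * $perPage;
    $stmt = $db->prepare(
        'SELECT id, name, message FROM guestbook ORDER BY id DESC LIMIT ? OFFSET ?'
    );
    $stmt->bind_param('ii', $perPage, $offset);
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
}

// Constructed sample query strings, as PHP would expose them in $_GET.
$samples = [
    [],
    ['page' => '3'],
    ['page' => '2 OR 1=1'],
    ['page' => '-5'],
    ['page' => 'abc'],
    ['page' => ['x']],
    ['page' => '999999'],
];

foreach ($samples as $get) {
    $cast = (int) (!isset($get['page']) ? 1 : $get['page']); // the question's line
    printf("%-28s cast=%-7d validated=%d\n",
        json_encode($get), $cast, page_from_query($get, 12));
}
```

The cast alone turns `abc` into 0 and keeps `-5` as -5: neither can carry SQL, but both lead to a negative offset, which the range check avoids.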
