What is the most efficient way to verify Variables in PHP?

Question

I'm thinking about an application which recieves massive Data from the User. But this data has to be verified in php:

fe $_GET['id'] has to be a number every Element of an array must be a value between a specific range.

so how efficient are functions like is_int($x) or isset($x) ? Maybe if($x!=null) is faster or (int) x is causing same results.

What is the best way to handle Data that needs to get to Database quick but needs to be verified? Is there any difference in $_GET and $_POST in speed?

Maybe implementing a class doing that improves something?

Maybe for an more concret chance to answer, here a bit inefficent code:

if(isset($_GET["x"]) && $_GET["x"] > 0) { $x = $_GET["x"]; }
if(isset($_GET["y"]) && $_GET["y"] > 0) { $y = $_GET["y"]; }
if(isset($_GET["winWidth"]) && $_GET["winWidth"] > 0) {  $winWidth = $_GET["winWidth"]; }
if(isset($_GET["winHeight"]) && $_GET["winHeight"] > 0) {   $winHeight = $_GET["winHeight"]; }
if(isset($_GET["a"])) {  $a = $_GET["a"]; }

UPDATE:

What about further security functions like:

mysql_real_escape_string($str);

or

stripslashes()

? Please Stackoverflow, show me the magic :)

Harry

Answer 1

The fastest way to check if something has been posted and whether it's a positive integer:

if (isset($_POST['field']) && ctype_digit($_POST['field']))

mysql_real_escape_string is incredibly slow, compared to addslashes . However, it's definitely more secure.

However, it's normally not necessary to worry about all this too much. We're talking about billionths of a second here.