Curt Zirzow wrote:


    $userid = (int) $_POST['TXT_UserID'];
    $sql = "... WHERE UserID = $userid";

Seeing that, I have a question. In most cases I validate the $userid by using the function intval(), this way:

    $userid = intval($_POST['TXT_UserID']);
    $sql = "... WHERE UserID = $userid";

I think that in both cases (Curt's and mine) the results are the same, and $userid will get the digits from the beginning of $_POST['TXT_UserID'] up to the first non-digit char.

I made this test:

    <?PHP

    $value = intval($_GET['val']);
    echo "value: $value <br>";

    $value = (int) $_GET['val'];
    echo "value: $value <br>";

    ?>

Then I passed on the GET, different values:

- ?val=me123    // Displays 0 in both cases as expected.
- ?val=123me    // Displays 123 in both cases.
- ?val=12me3    // Displays 12 in both cases.
- ?val=46.5     // Displays 46 in both cases.

Just my questions:

Am I correct in assuming that both approaches always give the same result?

Which one is more polite and/or correct to filter the user data? And faster?

Thanks in advance,
Jordi.

--
PHP General Mailing List (http://www.php.net/)
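
An added example, not part of the original message: it runs the four test inputs from the post (plus a few constructed ones) through `(int)`, `intval()` and a strict check, then binds the accepted value as a typed parameter instead of interpolating it into the SQL string. The helper name `parse_user_id()`, the `users` table and the in-memory SQLite database (requires the `pdo_sqlite` extension) are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper: accept only a complete decimal integer >= 1.
 * Returns null for anything else so the caller can reject the request
 * instead of silently using a truncated value.
 */
function parse_user_id($raw): ?int
{
    if (!is_string($raw)) {
        // A parameter sent as val[]=1 arrives as an array, not a string.
        return null;
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Constructed sample inputs; the first four are the ones tested in the post.
$samples = ['me123', '123me', '12me3', '46.5', '123', '', ['1']];

foreach ($samples as $raw) {
    $strict = parse_user_id($raw);
    printf(
        "%-10s cast=%-4d intval=%-4d strict=%s\n",
        json_encode($raw),
        (int) $raw,       // coerces: keeps the leading digits, drops the rest
        intval($raw),     // same coercion rules when no base is given
        $strict === null ? 'rejected' : (string) $strict
    );
}

// Constructed table and row, only so the query below has something to run on.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (UserID INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO users VALUES (123, 'constructed-user')");

$id = parse_user_id('123');
if ($id !== null) {
    // The value travels as a bound integer parameter, never as SQL text.
    $stmt = $pdo->prepare('SELECT name FROM users WHERE UserID = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    var_dump($stmt->fetchColumn());
}
```

Both the cast and `intval()` make the value safe to place in a numeric SQL context, but they accept malformed input by truncating it; the strict check is what distinguishes a valid ID from one that merely starts with digits.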