Skip to content Skip to sidebar Skip to footer
Home / Pdo / Php / Prepared Statement / Sql Injection / Validation

Do I Need To Use (int)$id Before I Use $id In Bindvalue In Php Pdo

Post a Comment
I just started using Php Data Objects and one thing I'm not sure about is do I have to validate that some variable is an integer before using it in the query. For example, like thi

Solution 1:

No it's not required for two reasons:

  1. You're letting PDO know that you are going to query the database for a column ID. PDO isn't going to parse anything in $_POST['id'].

  2. The second value of bindValue is automatically casted to a string (or of any type you might want to select). Hereint $data_type = PDO::PARAM_STR

Post a Comment for "Do I Need To Use (int)$id Before I Use $id In Bindvalue In Php Pdo"