why not using filter_input or casting it ? e.g $userId = (int)$_GET["userId"]; a... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		alien3d on Oct 14, 2016 \| parent \| context \| favorite \| on: PHP 7 deployment at Dailymotion why not using filter_input or casting it ? e.g $userId = (int)$_GET["userId"]; and also when query to db using parameter binding ?

Grazester on Oct 14, 2016 | [–]

Yeah, a prepared statement would take care of this just fine

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact