Hacker News
by
alien3d
3529 days ago
Why not use filter_input or cast it? E.g. $userId = (int)$_GET["userId"]; and also use parameter binding when querying the DB?
1 comment
Grazester
3529 days ago
Yeah, a prepared statement would take care of this just fine.
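An added example, not part of either comment above: it compares the (int) cast with the FILTER_VALIDATE_INT filter that filter_input can apply, then binds the validated id in a PDO prepared statement. The users table, its rows, the helper names parseUserId and findUser, and the sample inputs are constructed for illustration, and the pdo_sqlite extension is assumed.

```php
<?php
declare(strict_types=1);

// Constructed sample data in an in-memory SQLite database (assumes pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO users (id, name) VALUES (1, 'alice'), (2, 'bob')");

/**
 * Hypothetical helper: accepts only a whole integer >= 1, otherwise null.
 * filter_input(INPUT_GET, 'userId', FILTER_VALIDATE_INT, ...) applies the same
 * filter to the request itself; filter_var is used so this runs from the CLI.
 */
function parseUserId(string $raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Hypothetical helper: the id is bound as a parameter, never concatenated into SQL. */
function findUser(PDO $pdo, int $id): ?array
{
    $stmt = $pdo->prepare('SELECT id, name FROM users WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed inputs standing in for $_GET["userId"].
foreach (['2', '2 OR 1=1', '2abc', '', '-5'] as $raw) {
    // The cast never fails: "2 OR 1=1" and "2abc" become 2, "" becomes 0.
    $cast = (int) $raw;
    // The filter returns false for anything that is not an integer >= 1.
    $validated = parseUserId($raw);
    $user = $validated === null ? null : findUser($pdo, $validated);
    printf(
        "%-12s cast=%-3d validated=%-5s user=%s\n",
        var_export($raw, true),
        $cast,
        var_export($validated, true),
        $user['name'] ?? '(none)'
    );
}
```

The cast keeps the query safe from injection but silently turns malformed input into a different valid id, while the filter lets the application reject the request; the bound parameter protects the query in either case.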