开发者

What's the difference between intval and db_escape in SQL?

开发者 https://www.devze.com 2023-03-05 16:50 出处:网络
I\'ve got friends who\'s telling me to change some code. One of them is telling me to change my code into:

I've got friends who's telling me to change some code.

One of them is telling me to change my code into:

intval($_GE开发者_如何学运维T['id']);

And the other tells me to change into:

db_escape($_GET);

Who is right, and why?


Intval is specifically for numbers. With intval you transform anything what is not a valid number to "0". With db_escape() you can prepare strings and other stuff to be inserted into a database. So both are right, it depends on what you want to insert :-) If you want to insert a number or if you want to select an entry with its id

$query = "SELECT * FROM table WHERE id = " . intval($GET_["id"]);

then you should use intval. If you want to insert a text, you should use db_escape.

$query = "INSERT INTO table (stringCol) VALUES('" . db_escape($_POST['string']) . "')";
0

精彩评论

暂无评论...
验证码 换一张
取 消