Is it secure to use (int) to make sure you are receiving a integer on the URL?
For example: test.php?id=3
if ((int)$_GET['id'] == 0) {
echo 'Invalid Entry';
}
So if somebody enters other than a number it will be invalid.
Is it secure to use (int) to make sure you are receiving a integer on the URL?
For example: test.php?id=3
if ((int)$_GET['id'] == 0) {
echo 'Invalid Entry';
}
So if somebody enters other than a number it will be invalid.
This should work for you:
if (filter_var($_GET['id'], FILTER_VALIDATE_INT) === FALSE) {
echo 'Invalid Entry';
}
Input / Output:
0 -> Good
"0" -> Good
5 -> Good
"5" -> Good
1.4 -> Bad
"1.4" -> Bad
"12text" -> Bad
EDIT:
If you don't want numbers <0 you can use this:
if (filter_var($_GET['id'], FILTER_VALIDATE_INT) === FALSE || $_GET['id'] <= 0) {
echo 'Invalid Entry';
}