I have a simple jTable jQuery webpage. Since I didn't receive much response in my previous topic, "Safe MySQL password on shared hosting", I've started to research on my own. I'm using a PHP-based script for the MySQL connection and for pagination. From what I've researched, queries with no input data from the user can't be harmed by a hacker unless the PHP file is directly accessed and/or replaced. Therefore I decided to put it above my web root. I've added a pagination feature for jTable, which uses an SQL query with some input data from a JS script. For heaven's sake I decided to protect this query from any malicious SQL injections.
The query:
"SELECT * FROM people LIMIT " . $_GET["jtStartIndex"] . "," . $_GET["jtPageSize"] . ";"
What I did is add casts to int, for example:
"SELECT * FROM people LIMIT " . (int)$_GET["jtStartIndex"] . "," . (int)$_GET["jtPageSize"] . ";"
Is it safe enough? As far as I remember, any string that goes there will be parsed to 0 by the (int) cast.
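
Added example, not part of the original post: one way to handle the two jTable paging parameters is to range-check them and bind them as integers, since (int) alone keeps negative and arbitrarily large values. The helper names pageParam() and fetchPage(), the limits 1000000 and 100, and the in-memory SQLite database standing in for MySQL are assumptions made so the example runs offline.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: accept only a decimal integer inside [min, max];
// anything else (missing, non-numeric, negative, "1e9", arrays) becomes $default.
function pageParam(array $src, string $key, int $min, int $max, int $default): int
{
    $v = filter_var($src[$key] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => $min, 'max_range' => $max]]);
    return $v === false ? $default : $v;
}

function fetchPage(PDO $pdo, array $query): array
{
    $start = pageParam($query, 'jtStartIndex', 0, 1000000, 0);
    $size  = pageParam($query, 'jtPageSize', 1, 100, 10);

    // Placeholders keep the values out of the SQL text; PARAM_INT makes the
    // driver send them as integers, which LIMIT requires.
    $stmt = $pdo->prepare('SELECT * FROM people LIMIT :start, :size');
    $stmt->bindValue(':start', $start, PDO::PARAM_INT);
    $stmt->bindValue(':size', $size, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed demo data; in-memory SQLite stands in for MySQL so this runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE people (id INTEGER PRIMARY KEY, name TEXT)');
$ins = $pdo->prepare('INSERT INTO people (name) VALUES (?)');
foreach (range(1, 25) as $i) {
    $ins->execute(["person$i"]);
}

// Constructed requests standing in for $_GET.
$requests = [
    ['jtStartIndex' => '10', 'jtPageSize' => '5'],
    ['jtStartIndex' => '0 UNION SELECT 1', 'jtPageSize' => '5'],
    ['jtStartIndex' => '-5', 'jtPageSize' => '999999'],
    ['jtStartIndex' => ['x'], 'jtPageSize' => '1e9'],
];
foreach ($requests as $q) {
    $rows = fetchPage($pdo, $q);
    printf("%s -> %d rows, first id %s\n", json_encode($q), count($rows), $rows[0]['id'] ?? '-');
}
```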