MortHub MortHub - 4 months ago 10x
PHP Question

Is it necessary to use mysqli_real_escape_string with data from <input type=number> inputs?

Just as the title states. Is it a standard procedure/practice to escape number inputs?

I know text fields should be escaped, but i'm wondering if I need to escape numbers.


You should use Prepared Statement. But if you don't wish to do that, at least cast some data type, for example:

$myVar = (int)$_POST['user_age'];
$myVar = (float)$_POST['user_salary'];