MortHub MortHub - 1 year ago 52
PHP Question

Is it necessary to use mysqli_real_escape_string with data from <input type=number> inputs?

Just as the title states. Is it a standard procedure/practice to escape number inputs?

I know text fields should be escaped, but i'm wondering if I need to escape numbers.

Answer Source

You should use Prepared Statement. But if you don't wish to do that, at least cast some data type, for example:

$myVar = (int)$_POST['user_age'];
$myVar = (float)$_POST['user_salary'];
Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download