uneeb uneeb - 1 year ago 88
Javascript Question

passing integer into url as parameter php/javascript

i want to save my website from url injection for that purpose i am using the following line to call another page with an integer id as an parameter here's the code

'<button onclick=window.location.href="admin_leadbox2.php?id=' + alert(typeof(parseInt(data[i].client_id))) + '">VIEW DETAILS</button>';

the alert is showing me that infact the data being passed in the url is a number

now when i get the id from the url and check its type in php it is giving me an string here's the php code

echo "<script>console.log('".gettype($id)."')</script>";

i know that i can convert the string received in the url into integer like i did in javascript to do my work but for my case to prevent url injection i only want to receive an integer type data! what is the problem? thanks in advance

Answer Source

A URL is a string. A URL, or query parameters within it, has no types. Here, this is what your URL looks like:


This is all the information that the computer has too. There's no hidden flag to mark "42" as an integer. It's just the characters 4 and 2. In a string. No different from "42foo", which would quite obviously be a string.

Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download