Re: Secure input

On 2/27/06 6:20 AM, "emil@xxxxxxxxxx" <emil@xxxxxxxxxx> wrote:

> When user input is displayed for others than themselves I try to filter out
> HTML tags too.

I type cast all relevant variables before processing them as one last check.
Type casting forces the variable to be of the type you expect. For example,
if you are expecting two integers: $id1 and $id2 but you get the following
user input:

$_GET["id1"] = 1234;
$_GET["id2"] = "evil hakor code";

if you type cast these as:

$id1 = (int)$_GET["id1"];
$id2 = (int)$_GET["id2"];

the output of print "$id1, $id2" would be:

1234, 0

Possible types you can use (not all relevant to $_GET):

(int), (integer) - cast to integer
(bool), (boolean) - cast to boolean
(float), (double), (real) - cast to float
(string) - cast to string
(array) - cast to array
(object) - cast to object

- schnippy

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
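
An added example, not part of the original post: it runs the (int) cast described above next to a strict check using PHP's filter_var() with FILTER_VALIDATE_INT, to show which inputs the cast quietly coerces to a number instead of rejecting. The $samples array is constructed input standing in for $_GET, require_id() is a hypothetical helper name, and the nullable return type assumes PHP 7.1 or later.

```php
<?php
// Constructed sample input standing in for $_GET values.
$samples = [
    'clean' => '1234',
    'text'  => 'evil hakor code',
    'mixed' => '1234abc',      // leading digits followed by junk
    'empty' => '',
    'array' => ['1234'],       // what ?id[]=1234 produces
];

// Hypothetical helper: accept only input that is, as a whole, a decimal
// integer >= 1. Returns the int, or null when the request should be rejected.
function require_id($raw): ?int
{
    $id = filter_var(
        $raw,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    return $id === false ? null : $id;
}

foreach ($samples as $label => $raw) {
    // The cast never fails: it always yields some integer, so a bad value
    // cannot be told apart from a legitimate one afterwards.
    $cast = (int)$raw;

    // The strict check separates "valid id" from "reject this request".
    $strict = require_id($raw);

    printf(
        "%-6s cast=%-5d strict=%s\n",
        $label,
        $cast,
        $strict === null ? 'rejected' : (string)$strict
    );
}
```

The cast guarantees the type, but only the strict check tells the caller that the input was malformed, which is the point at which to log or refuse the request.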

