SQL Injection and mysql_real_escape_string
05-02-2008, 06:36 PM
Join Date: Sep 2007
Originally Posted by Highway of Life:
> Suggesting that type casting is not important displays a lack of programming knowledge and especially security awareness.
> Dealing with database interaction is something to always take seriously — and type casting can be of great benefit to you.
You gave a number of claims with nothing to support what you are saying. You also gave no downside to not typecasting besides it being no good (which is a matter of opinion).
You have to clean everything one way or another; why take an extra step and typecast when it will already be secure? It is not a big deal if you check if your primary ID is "a". If you typecast, it will be equal to nothing (""). One way or another you will get an empty set returned. There is no greater security risk in either method when compared to the other.
I am not saying type casting is the wrong way, or that it won't get the job done. It simply isn't necessary if you use other security methods. But to say not typecasting is showing lack of knowledge is nothing short of ignorant.
Posted by: Village Idiot