Thread: SQL Injection and mysql_real_escape_string
View Single Post
Old 05-03-2008, 12:56 AM   #23 (permalink)
Salathe
Moderateur
RegEx Guru PHP Guru Top Contributor Advanced Programmer 
 
Salathe's Avatar
 
Join Date: Apr 2007
Posts: 1,393
Thanks: 5
Salathe is on a distinguished road
Default
Quote:
Originally Posted by delayedinsanity View Post
Semi-off-topic, but is there a way to typecast an objects variables previous to them being set? I was hoping I could do;

PHP Code:
public (string)$m_szString;
public (int)$m_iInteger;

private (array)$m_aArray
at the top of my classes, but it turns out that's a no-no.
-m
No, there isn't. PHP is a dynamically typed language and any initial casting, even if it were applied, could be overridden at any point (hence, dynamic).

Harking back to the topic at hand somewhat, please remember the name of the function being used to escape your input: mysql_escape_string or MySQL Escape String. Escape string. Ok perhaps that came off a little strong but the point is there to be made that that function will only escape string values where expected input and output are strings; not integers, booleans or other types.
Salathe is offline   		Reply With Quote
The Following User Says Thank You to Salathe For This Useful Post:
delayedinsanity (05-03-2008)