Timeline for Type casting variables in PHP, what is the practical reason for doing this?
Current License: CC BY-SA 2.5
9 events
| when | what | by | license | comment | |
|---|---|---|---|---|---|
| Feb 21, 2017 at 20:42 | comment | added | galdikas | As far as I know, not casting ints that are used in a WHERE clause can lead to MySQL not using the index of that field (provided there is one). Can anyone confirm/deny? | |
| Jan 5, 2011 at 19:15 | comment | added | mipadi | The OP isn't messing up the weak/strong vs. dynamic/static distinction. He's asking about PHP's automatic coercion of types. In weakly-typed languages, values can be coerced from one type to another automatically (as opposed to a strongly-typed language, where such coercion is not implicit). Since the question is in regards to this coercion, it really is about weak typing, not dynamic typing. (This same coercion could conceivably happen in a statically-typed language, and the question would still be relevant.) | |
| Jan 3, 2011 at 12:45 | comment | added | Mchl | A link with some more details: ilia.ws/archives/… | |
| Jan 3, 2011 at 12:30 | comment | added | Mchl | mysql_real_escape_string() has a vulnerability of doing nothing to strings like '0x01ABCDEF' (i.e. hexadecimal representation of an integer). In some multibyte encodings (not Unicode luckily) a string like this can be used to break the query (because it gets evaluated by MySQL to something that contains a quote). That's why neither mysql_real_escape_string() nor is_int() is the best choice for dealing with integer values. Typecasting is. | |
| Dec 7, 2010 at 20:11 | comment | added | Javier | It's shorter :-) Of course, for strings I use parameterized queries, or (if using the old mysql extension) escape it. | |
| Dec 7, 2010 at 20:08 | comment | added | Stephen | It's funny that you bring up SQL injection. I was arguing over on SO with someone using this technique to sanitize user input. But what problem does this method solve that mysql_real_escape_string($id); doesn't already? | |
| Dec 7, 2010 at 19:56 | history | edited | Javier | CC BY-SA 2.5 | added 821 characters in body |
| Dec 7, 2010 at 15:40 | comment | added | Stephen | I'll accept that. Now, as far as the usefulness of Type Casting? | |
| Dec 7, 2010 at 14:23 | history | answered | Javier | CC BY-SA 2.5 |