Should you have a number as ID? Then you are to reduce it to number.

Should you have a number as ID? Then you are to reduce it to number.

I’ve reduced it like this: $id=intval($id);

Is it right?

How to get value of ID-variable with GET-method with following placing it into request correctly and securely?

Tell me, please! I need it very much.

Stre@m, having read the heading of the topic I thought that we are going to speak about sql-requests not about GET-method. That confused me.

By the way, I never understood what is implied with term ‘getting variables with X-method’. If it implies filling in super global massive with PHP-interpreter (and/or everything preceding it) then everything seems rather strange to me; I have a suspicion that many haven’t got any idea what kind of process that is. I think the author of the topic hasn’t got any idea about this process either. But I also suppose that he doesn’t need it very much. You don’t need to write anything in PHP to fill in this super global massive. And you also don’t need to set up anything…

If this term covers access to massive element which is more likely, you should invent name for such method of getting data:
$my_array['my_field']

From logical point of view such method would be called ‘getting variables with my_array method’

Stre@m, the answer is that no variables should be verified. We simply take them and place into the request correctly.

By the way, if this connection exists, why don’t you add some expressive phrase which would tell clearly that you are treat all the variables like this not only those that came from the outside? And as far as question of sql-injections and slashes is discussed there it would be good to mention second-order sql-injection which is forgotten by the most. At least there should be some phrases that something like it also may happen.