Quotes around numeric data in queries
by GJSenthil[ Edit ] 2010-01-28 21:59:30
Quotes around numeric data in queries
For numeric columns in MySQL, you shouldn't put quotes around any of their values in queries. As our resident database guru, MattR, says, "that is very non-standard and will only work on MySQL." But if it's unknown data, how do you know that it's numeric and not letters that will cause an error? You can make sure that only a number is used in the query by first type-casting the data as int (or float for decimal numbers):
// If id is being passed in the URL
$id = (int) $_GET['id'];
$r = mysql_query("SELECT * FROM table WHERE id=$id");
Then even if id is set to "abc," the worst that can happen is a 0 will be used in the query. No quotes; no error.
