The thing I have noticed about programmers of PHP is how little this gramatical clause is not used in PHP, you know how you have to check things are an INT or a String and so with SQL Questions & the code of php.

Take this coding example, where we need an int.



This process for example of putting (int), (float), (string) & so on allows for the variable to be force to that type.. you put this between a variable and it's co-signing.

I don't think it is a good idea to put these kind of typecasts in front of everything. Incorrect use may lead to some unexpected results.

Variables should be controlled on the source and that is in general the form where they are filled in. So it is when the get and post variables are imported, that the validation has to be done by php. For integers this is best done by the intval function and the program can then generate error messages or supply a default value if needed.

I find the example above useless, because $xoopsUser->uid is already defined as an integer.
Furthermore you should even not try to do a SQL request when there is no valid argument data available.

use correctly the XOOPS API (especially the handlers) and your variables will be correctly sanatized.