I've been asked to handle a security issue for a site which was set up by another programmer. As of yet, I haven't seen any of the code, so I'm going off of assumptions a
If ID and PID are integer fields, why not cast them to int?
That way, you are sure to have a number, and no SQL injection:
$pid = (int) $pid; $id = (int) $id;
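As an added illustration (not part of the original answer), the following PHP script shows what the `(int)` cast does to a few constructed inputs of the kind that might arrive in `$_GET['id']`, and a stricter variant that rejects anything not made entirely of digits instead of silently turning it into 0. The function names `castId` and `validateId` are assumptions for this example.

```php
<?php
// Added example, not from the original thread.
// Demonstrates (int) casting of request parameters and a stricter digit-only check.

// Constructed sample inputs, as they might appear in $_GET['id'].
$samples = [
    '42',
    '42; DROP TABLE items',  // trailing payload is dropped by the cast
    '1 OR 1=1',              // becomes 1
    'abc',                   // becomes 0
    '',                      // becomes 0
];

// The answer's approach: (int) keeps leading digits and discards the rest;
// anything that does not start with a digit becomes 0.
function castId(string $raw): int
{
    return (int) $raw;
}

// Stricter variant (assumed helper): accept only strings made entirely of
// ASCII digits, so malformed input is rejected rather than mapped to id 0.
// ctype_digit('') returns false, so the empty string is rejected as well.
function validateId(string $raw): ?int
{
    return ctype_digit($raw) ? (int) $raw : null;
}

foreach ($samples as $raw) {
    $cast   = castId($raw);
    $strict = validateId($raw);

    // Only the integer reaches the query string; the raw text never does.
    $sql = 'SELECT * FROM items WHERE id = ' . $cast;

    printf(
        "%-24s cast=%-3d strict=%-8s sql=%s\n",
        var_export($raw, true),
        $cast,
        $strict === null ? 'rejected' : (string) $strict,
        $sql
    );
}
```

The cast is safe against injection in integer fields, but note that garbage input quietly becomes 0; if id 0 is a real row, prefer the stricter check so bad input fails loudly.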