Do I need to use (int)$id before I use $id in bindValue in PHP PDO?

谁说胖子不能爱 submitted on 2019-12-04 02:27:28

Question


I just started using PHP Data Objects, and one thing I'm not sure about is whether I have to validate that some variable is an integer before using it in the query. For example, like this:

    $id = (int)$_POST['id']; // is this required
    $query = $pdo->prepare("SELECT * FROM `articles` WHERE `id` = ?");
    $query->bindValue(1, $id);
    $query->execute();

Answer 1:


No, it's not required, for two reasons:

  1. You're letting PDO know that you are going to query the database for a column ID. PDO isn't going to parse anything in $_POST['id'].

  2. The second value of bindValue is automatically cast to a string (or to any type you might want to select). Here int $data_type = PDO::PARAM_STR
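
The difference between binding and validating, as an added example that is not part of the original question or answer: the same hostile input is bound as-is, cast with `(int)`, and strictly validated. It assumes the `pdo_sqlite` extension and a constructed in-memory `articles` table; `findById` and `validId` are hypothetical helper names and `$hostile` is a constructed stand-in for `$_POST['id']`.

```php
<?php
// Constructed in-memory table standing in for the question's `articles` table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)');
$pdo->exec("INSERT INTO articles (id, title) VALUES (1, 'first'), (2, 'second')");

// Hypothetical helper: run the question's query with a bound id and PDO type.
function findById(PDO $pdo, $id, int $type = PDO::PARAM_STR): array
{
    $query = $pdo->prepare('SELECT * FROM articles WHERE id = ?');
    $query->bindValue(1, $id, $type);
    $query->execute();
    return $query->fetchAll(PDO::FETCH_ASSOC);
}

// Hypothetical helper: strict validation, null unless the input is a positive integer.
function validId($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

$hostile = '1 OR 1=1'; // constructed sample input

// 1. Bound as-is (default PDO::PARAM_STR): the whole string is compared as a
//    value, so the "OR 1=1" part is never interpreted as SQL.
printf("bound raw string: %d row(s)\n", count(findById($pdo, $hostile)));

// 2. (int) cast: not needed to stop injection, and it quietly turns the junk
//    input into the integer 1, so the request succeeds with altered meaning.
$cast = (int)$hostile;
printf("cast to %d: %d row(s)\n", $cast, count(findById($pdo, $cast, PDO::PARAM_INT)));

// 3. Strict validation: reject malformed input before touching the database.
$id = validId($hostile);
if ($id === null) {
    echo "validated: rejected, not a positive integer\n";
} else {
    printf("validated %d: %d row(s)\n", $id, count(findById($pdo, $id, PDO::PARAM_INT)));
}

// A well-formed value passes validation and is bound with an explicit type.
$good = validId('2');
printf("validated %d: %d row(s)\n", $good, count(findById($pdo, $good, PDO::PARAM_INT)));
```

Binding is what keeps the input out of the SQL text; the cast or validation step is a separate decision about whether malformed input should be accepted at all.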



Source: https://stackoverflow.com/questions/16880189/do-i-need-to-use-intid-before-i-use-id-in-bindvalue-in-php-pdo
