Checking the data type of input can help defend against SQL injection. For example, the following code restricts the input to a single type: it can only be an integer. In this case, the injection cannot be completed.
    settype($offset, 'integer');
    $query = "SELECT id, name FROM products ORDER BY name LIMIT 20 OFFSET $offset;";

    // please note %d in the format string, using %s would be meaningless
    $query = sprintf("SELECT id, name FROM products ORDER BY name LIMIT 20 OFFSET %d;", $offset);
Checking other data formats or types is also beneficial. For example, when the user enters an e-mail address, or a time or date, the input must strictly follow the expected format, which avoids damaging user data. Data type checking is not a panacea: if the requirement is for the user to submit strings, such as a short passage of text, you will need to rely on other methods to prevent SQL injection.
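The following added example (not code from the original page) contrasts the silent coercion done by settype() with strict validation that rejects malformed input, and applies the same idea to date and e-mail formats. The helper names parse_offset, parse_date and parse_email, the range limit and all sample inputs are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers for illustration; names and limits are assumptions.

/** Return the offset as an int, or null if the input is not a plain non-negative integer. */
function parse_offset(string $raw): ?int
{
    $v = filter_var($raw, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0, 'max_range' => 1000000]]);
    return $v === false ? null : $v;
}

/** Return the date unchanged if it is a real calendar date in YYYY-MM-DD form, else null. */
function parse_date(string $raw): ?string
{
    $d = DateTime::createFromFormat('!Y-m-d', $raw);
    // Round-trip comparison rejects overflow such as 2024-02-31; trailing text fails parsing.
    return ($d !== false && $d->format('Y-m-d') === $raw) ? $raw : null;
}

/** Return the address if it has valid e-mail syntax, else null. */
function parse_email(string $raw): ?string
{
    $v = filter_var($raw, FILTER_VALIDATE_EMAIL);
    return $v === false ? null : $v;
}

// Constructed sample inputs for the OFFSET parameter.
$samples = ['40', '40; DROP TABLE products', '-5', '1e3'];
foreach ($samples as $raw) {
    $coerced = $raw;
    settype($coerced, 'integer');   // coerces silently, keeping any leading numeric part
    $strict = parse_offset($raw);   // null unless the whole input is an integer in range
    printf("%-28s settype=%-5d strict=%s\n", "'$raw'", $coerced, var_export($strict, true));
    if ($strict !== null) {
        // Only a validated integer reaches the query, formatted with %d as above.
        echo '  ', sprintf("SELECT id, name FROM products ORDER BY name LIMIT 20 OFFSET %d;", $strict), "\n";
    }
}

// Constructed sample inputs for format checks.
var_dump(parse_date('2024-02-29'), parse_date('2024-02-31'), parse_date("2024-01-01' OR '1'='1"));
var_dump(parse_email('user@example.com'), parse_email("x' OR 1=1 --"));
```

Both approaches keep the query safe for the integer case, but strict validation lets the application reject bad requests instead of running a query with a value the user never sent. A syntactically valid e-mail address can itself contain a quote character (o'brien@example.com), which is the string case where format checking alone is not enough.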