Is `$var = $var + 0` an acceptable way to prevent SQL injection in PHP?

Best to just use prepared statements. https://dev.mysql.com/doc/apis-php/en/apis-php-mysqli.quickstart.prepared-statements.html.

Related:

Leave a Reply