As a warning, do not use this function alone for input validation.
Vulnerable example:
<?php
if(isset($_GET['id']) && intval($_GET['id']) > 0){
echo $id;
}
?>
The following requests would pass this filter:
/page.php?id=10
/page.php?id=10oops
/page.php?id=10<script>alert(1)</script>
/page.php?id=1' OR '1'='1
/page.php?id[]=<script>alert(1)</script>
Instead use the is_numeric() function for integer validation:
<?php
echo intval("10oops"); echo is_numeric("10oops"); ?>
Secure example:
<?php
if(isset($_GET['id']) && is_numeric($_GET['id']) && intval($_GET['id']) > 0){
echo $id;
}
?>
