09-20-2010, 03:32 PM
Zyber
Quote:
Originally Posted by Varius
The proper thing to do would just be to properly sanitize all variables that are involved in your queries. If everything is sanitized, there will be no injection. For example, instead of putting quotes around an integer like age, you can verify it's of the proper type and within a specific range.
I agree with this. Properly validated integers should be safe to use without quotes.
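The check described in the posts above, as an added example that is not part of the original thread: an age value is verified to be a plain integer within a range, then placed unquoted in a SQLite query. The function names, table and sample inputs are constructed for illustration.

```python
import re
import sqlite3

# Strict form: optional minus sign, then 1-9 ASCII digits. int() alone is too
# lenient for a gatekeeper: it also accepts " 30\n", "3_0" and non-ASCII digits.
_INT_RE = re.compile(r"-?[0-9]{1,9}")


def validated_int(raw, lo, hi):
    """Return raw as an int if it is a plain integer within [lo, hi], else raise."""
    if not isinstance(raw, str) or not _INT_RE.fullmatch(raw):
        raise ValueError("not a plain integer: %r" % (raw,))
    value = int(raw)
    if not lo <= value <= hi:
        raise ValueError("out of range %d..%d: %d" % (lo, hi, value))
    return value


def users_older_than(conn, raw_age):
    """Run the age query only after raw_age passes type and range checks."""
    age = validated_int(raw_age, 0, 150)
    # age is a Python int here, so the unquoted text placed in the query
    # can only be digits.
    sql = "SELECT name FROM users WHERE age > %d ORDER BY name" % age
    return [row[0] for row in conn.execute(sql)]


def demo():
    """Feed constructed request values through the check and record each outcome."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, age INTEGER)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", 34), ("bob", 19), ("carol", 52)])
    results = {}
    # Constructed inputs: one valid, two with trailing SQL, two that int()
    # would accept but the strict pattern does not, one out of range.
    for raw in ["30", "0 OR 1=1", "30; DROP TABLE users", " 30", "3_0", "999"]:
        try:
            results[raw] = users_older_than(conn, raw)
        except ValueError:
            results[raw] = "rejected"
    return results


if __name__ == "__main__":
    for raw, outcome in demo().items():
        print(repr(raw), "->", outcome)
```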