I am using pagination for a guestbook and I want to protect the 'page' with real escape string. This is what I have now:
$page = (int)(!isset($_GET["page"]) ? 1 : $_GET["page"]);
I've tried this but the pagination seems not to work anymore:
$page = (int)(!isset($_GET["page"]) ? 1 : mysqli_real_escape_string($_GET["page"]));
What should I do to make this work?
You don't need to do any string escaping here, because you've forced the variable to be an integer instead. Even if you turn the integer back into a string, it will only contain digits, so there is no way for anyone to inject SQL into your query.
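An added example, not part of the original answer: the cast rules out injection, but a page of 0, a negative page or a page past the end still reaches the query, so this sketch validates the range and binds the offset as an integer. The names `page_from_query`, `PER_PAGE` and the `guestbook` table are hypothetical, and an in-memory SQLite database through PDO stands in for the real database so the script runs without a server.

```php
<?php
const PER_PAGE = 5; // hypothetical page size

// Return a page number in [1, $lastPage]. Anything that is not a plain
// positive integer string (missing, "abc", "-3", "2 OR 1=1", an array) becomes 1.
function page_from_query(array $query, int $lastPage): int
{
    $raw = $query['page'] ?? null;
    $page = is_string($raw)
        ? filter_var($raw, FILTER_VALIDATE_INT,
            ['options' => ['default' => 1, 'min_range' => 1]])
        : 1;
    return min($page, max(1, $lastPage));
}

// Constructed data: 12 guestbook rows in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE guestbook (id INTEGER PRIMARY KEY, message TEXT)');
$ins = $db->prepare('INSERT INTO guestbook (message) VALUES (?)');
for ($i = 1; $i <= 12; $i++) {
    $ins->execute(["entry $i"]);
}
$total = (int) $db->query('SELECT COUNT(*) FROM guestbook')->fetchColumn();
$lastPage = (int) ceil($total / PER_PAGE);

// LIMIT and OFFSET are bound as integers, never concatenated into the SQL.
$stmt = $db->prepare('SELECT id FROM guestbook ORDER BY id LIMIT :n OFFSET :off');

// Constructed request values, including ones a bare (int) cast turns into
// 0, -3 or an out-of-range page.
foreach (['2', null, 'abc', '-3', '0', '2 OR 1=1', '999', ['x']] as $raw) {
    $page = page_from_query($raw === null ? [] : ['page' => $raw], $lastPage);
    $stmt->bindValue(':n', PER_PAGE, PDO::PARAM_INT);
    $stmt->bindValue(':off', ($page - 1) * PER_PAGE, PDO::PARAM_INT);
    $stmt->execute();
    $ids = $stmt->fetchAll(PDO::FETCH_COLUMN);
    printf("%-12s => page %d, ids %s\n", json_encode($raw), $page, implode(',', $ids));
}
```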