PHP Script Showing How to Check an Id Variable is a Number to Protect Against Cross Site Scripting Attacks

Often you will pass the value of a variable to a script via a querystring. If this value should always be a number, e.g. a ProductId, then you can enhance the security of your PHP script by checking the value of the variable is indeed a number.

//retrieve the value of ProductId
$ProductId = $_GET['ProductId'];

//Protection from hackers.  Check ProductId is just a number
$TestForNumber = is_numeric($ProductId);
If ($TestForNumber == 0) {
echo "Sorry, the Product Id tried is not allowed.";
exit();
}