If you check id's on the letters is it possible to protect yourself from sql injection?

Thanks for checking my site there
check_for_number function($str) {
 $i = strlen($str); 
 while ($i--) {
 if (is_numeric($str[$i])) 
return true;

 else {
 echo '<script type="text/javascript">window.location.replace("example.com");</script>';

$idq = $_GET ['id'];
check_for_number ($idq);

instead of id if we have a string or numbers with the letters we have redirection , is it safe ?
check_for_number allows only numbers
July 2nd 19 at 17:27
3 answers
July 2nd 19 at 17:29
Be easier $idq = intval($_GET ['id']);
July 2nd 19 at 17:31
First you have athletesfoot http request.
And then use the ORM or DBAL for query execution, and use placeholders.
July 2nd 19 at 17:33
First redict not very good
It is better to make so: header ("Location: $url");
Second, if the string to end with a digit, it will return true.
If you need to calculate the ratio of digits to bckuwam, it is better to put the numbers regularity and compare with the total number of (pre-cut from the beginning and end spaces).

Find more questions by tags Information securitySQLMySQLPHPHacking