The other day a friend and I were chatting about coding principles and I noticed he had a few points in a script that could be vulnerable. When you accept input in your script from outside sources, we have found that using type casting helps reduce potential errors and exploits.

Here is a simple example of a potential bug:

function foo( $inval ){
    // Foo will increment $inval by 10 (no check that $inval is numeric)
    $inval += 10;
    return $inval; // return the result; $inval is passed by value
}

Now in function foo we accept an unknown value but didn't make a check to make sure it was numeric. We could have added an if structure to this function, but then it wouldn't be as tight. Here is a way to use type casting to keep the function smaller but reduce the chance of error:

function foo( $inval ){
    // Foo will increment $inval by 10; the cast forces an integer first
    $inval = ( (int) $inval ) + 10;
    return $inval; // return the result; $inval is passed by value
}

Now whatever gets passed into foo will be guaranteed to be an integer and not cause any weird errors. I use this a lot when I'm passing in table ID values from forms. This way a hacker can't inject an error into our code and make the script do something we didn't expect it to do.
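
To see what the cast actually does with form input, here is an added example (not part of the original post) that runs a few constructed form values through the cast and through a stricter check. The cast always produces an integer, but it does so by turning non-numeric text into 0 and dropping anything after a leading number, so a table ID lookup may still want to reject bad input outright. The function names id_by_cast and id_by_validation are hypothetical helpers made up for this illustration.

```php
<?php
// Constructed sample values standing in for something like $_POST['id'].
$samples = ['42', '42 OR 1=1', 'abc', '', '-7'];

// Cast-only approach from the post: the result is always an int,
// but the caller cannot tell a real ID from input that was coerced.
function id_by_cast($raw): int
{
    return (int) $raw;
}

// Stricter variant (hypothetical helper): accept only a whole number
// of 1 or more, and return null so the caller can reject the request.
function id_by_validation($raw): ?int
{
    $id = filter_var(
        $raw,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    return $id === false ? null : $id;
}

// Print both results side by side for each sample value.
foreach ($samples as $raw) {
    $cast  = id_by_cast($raw);
    $valid = id_by_validation($raw);
    printf(
        "%-12s cast=%-4d validated=%s\n",
        var_export($raw, true),
        $cast,
        $valid === null ? 'rejected' : $valid
    );
}
```

Either way the value that reaches a query is an integer; the validated version additionally lets the script stop early instead of looking up ID 0 or an ID the user did not really ask for.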