mysql-real-escape-string

I'm developing a simple PHP database application for internal use but would like to code it to best practices. Some of my pages are receiving integer values from GET requests and I'm just wondering how much validation and sanitation is really required. Currently I'm using $num = filter_input(INPUT_GET, 'num', FILTER_VALIDATE_INT, $num_options); with specified min and max values. From here I'm exiting with an error message if $num == false Is it necessary to also use $mysqli->real_escape_string($num); Currently I am not bothering because I think it's quite hard to do SQL injection using an

I am attempting to upload a .pdf file into a mysql database using php. It is all good except for the contents of the file. No matter how I seem try to escape special characters, the query always fails, mostly with "Unknown Command \n". I have used addslashes, mysql_real_escape_string, removeslashes etc. Does anyone have any ideas on how to escape file contents? Many Thanks, I've used the following sequence before, which seems to work nicely, and will store any data into the db, including images, pdfs, arrays of data, etc... :) Storing the data (can be a string, array, object, etc.); First,

$submit=$_POST['submit']; $fullname=$_POST['fullname']; $phone=preg_replace('/[^0-9]/', '', $_POST['phone']); $phone = (int) $phone; $adress=$_POST['city'] . ' ' . $_POST['district'] . ' ' . $_POST['adress']; $friends=$_POST['friends']; $school=$_POST['school']; $info=$_POST['info']; $dob = $_POST['year']."-". $_POST['month']."-".$_POST['day']; Recently i added to my page: foreach ($_POST as $key => $value) { $_POST[$key] = mysql_real_escape_string($value); } i want to sanitize all $_POST's ( http://prntscr.com/22uot ) ID 20 before adding mysql_real_escape_string() to my page, id 22 after. My