SMF 2.0: variable type handling in DB queries?

Started by OutofOrder, February 12, 2009, 06:10:41 PM

OutofOrder

Hello, I was wondering about this while updating my custom mod to make it work in the new RC1 version of SMF 2.0.
I was checking the code behind the smf_db_replacement__callback function to understand variable types better (since I couldn't find documentation on this yet), and apparently type handling involves taking care of cleaning and escaping.
So my question actually is, do I bother escaping variables before the $smcFunc call?
So if I'm going to have a query like ...

<?php
// db_insert with SMF's own type handling: 'int' and 'string' tell the
// callback how to validate and escape each value.
$result = $smcFunc['db_insert']('insert',
	'my_table',
	array(
		'my_int_field' => 'int',
		'my_string_field' => 'string',
	),
	array(
		$myNumber, $myName
	),
	array('my_int_field') // key column(s): the required fifth argument of db_insert
);
?>

...should i not bother doing something like ...

<?php
// Manual casting and escaping of the raw request values before the query.
$myNumber = (int) $_POST['number'];
$myName = mysql_real_escape_string($_POST['name']);
?>

...before the query?

In all, if I'm going to use query type handling and am not careful, I might be doing double-checks for integer types and double-escaping for string types. Is this correct?

niko

You do NOT escape parameters (it will be double escaped if you do that).

However, you should make sure that the variables are the correct type.

So if you say it's int, it really is; otherwise it will give an error (invalid variable type). You might want to give a nice error message so they know what went wrong.
Websites: Madjoki || (2 links retracted by team, links out of date and taken over.)
Mods: SMF Arcade, Related topics, SMF Project Tools, Post History

WIP Mods: Bittorrent Tracker || SMF Wiki
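The point niko makes (the callback escapes once, so pre-escaping doubles it, and a wrongly typed {int} parameter should fail loudly) is easiest to see with a stand-alone script. The following is an added example, not code from this thread or from SMF: it is a small toy stand-in for the {int:name}/{string:name} replacement callback, with a constructed escape function in place of mysql_real_escape_string so it runs without a database connection. The function names, the regular expression and the error messages are all my own assumptions about the shape of such a callback, not SMF's.

```php
<?php
// Added example, not SMF code: a toy stand-in for the {int}/{string}
// replacement callback, to show single escaping and type rejection.

function toy_escape(string $s): string
{
    // Constructed stand-in for the driver's escape function; it handles the
    // same characters mysql_real_escape_string does, but needs no connection.
    return strtr($s, array(
        "\\" => "\\\\", "'" => "\\'", '"' => '\\"',
        "\n" => "\\n", "\r" => "\\r", "\0" => "\\0", "\x1a" => "\\Z",
    ));
}

function toy_replacement(string $type, $value, string $name): string
{
    switch ($type) {
        case 'int':
            // Reject anything that is not an integer instead of coercing it.
            if (!is_numeric($value) || (string) (int) $value !== (string) $value)
                throw new InvalidArgumentException("Wrong value type sent to the database. Integer expected. ($name)");
            return (string) (int) $value;
        case 'string':
        case 'text':
            // The callback quotes and escapes exactly once.
            return "'" . toy_escape((string) $value) . "'";
        default:
            throw new InvalidArgumentException("Undefined type $type used in the database query. ($name)");
    }
}

function toy_query(string $sql, array $params): string
{
    // Replace every {type:name} placeholder with its validated, escaped value.
    return preg_replace_callback('~{([a-z_]+)(?::([a-zA-Z0-9_]+))?}~', function ($m) use ($params) {
        $type = $m[1];
        $name = $m[2] ?? '';
        if (!array_key_exists($name, $params))
            throw new InvalidArgumentException("The database value you're trying to insert does not exist: $name");
        return toy_replacement($type, $params[$name], $name);
    }, $sql);
}

// Constructed input, as if taken from $_POST.
$post = array('number' => '42', 'name' => "O'Brien");
$sql = "INSERT INTO my_table (my_int_field, my_string_field) VALUES ({int:number}, {string:name})";

// Right: cast the integer, pass the raw string, let the callback escape once.
echo toy_query($sql, array('number' => (int) $post['number'], 'name' => $post['name'])), "\n";

// Wrong: pre-escaping the string means the callback escapes it a second time,
// so the stored value would carry a stray backslash.
echo toy_query($sql, array('number' => (int) $post['number'], 'name' => toy_escape($post['name']))), "\n";

// Wrong type: a non-integer where {int} is declared is rejected with a clear
// message rather than silently reaching the database.
try {
    toy_query($sql, array('number' => 'abc', 'name' => $post['name']));
} catch (InvalidArgumentException $e) {
    echo 'Rejected: ', $e->getMessage(), "\n";
}
```

Running it shows the first query with the name quoted as 'O\'Brien', the second with the apostrophe escaped twice (a backslash that would end up inside the row), and the third call rejected before any SQL is built. That is the behaviour the answer describes: cast and validate types yourself, and leave escaping to the type handling.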

OutofOrder

