How to Prevent SQL Injection

>> Tuesday, April 26, 2011

http://target.com/berita.php?content=detail&id=1
Suppose the website still uses a beginner's setup, and the source code of berita.php is as follows:

Source Code:

    <?php
    include "connect.inc.php";

    // the id from the URL is concatenated straight into the SQL string, without any filter
    $sql = "SELECT * FROM news WHERE id = " . $_GET['id'];
    $result = mysql_query($sql);

    while ($news = mysql_fetch_array($result))
    {
        echo $news['title'];
        echo "Posting on: " . $news['tanggal_posting'];
        echo $news['content'];
    }
    ?>
In the example code above, the programmer does not filter the input $_GET['id'] at all. This is very dangerous if an intruder tries this technique against the page.

The source code above contains two fatal errors:

* It does not filter the variable $_GET['id'], so the MySQL server sends its error message back to the browser (if PHP error_message = ON).

* It does not check the result of the query.
So how do we overcome this? We can simply modify the source code above as follows:

Source Code:

    <?php
    include "connect.inc.php";

    // Filter $_GET['id']: only a string made up of digits is accepted
    if (!ctype_digit($_GET['id']))
    {
        die("<script>alert('SQL Injection Detected'); window.history.go(-1);</script>");
    }

    $sql = "SELECT * FROM news WHERE id = " . $_GET['id'];
    $result = mysql_query($sql);

    // Filter the query results
    if (mysql_num_rows($result) > 0)
    {
        while ($news = mysql_fetch_array($result))
        {
            echo $news['title'];
            echo "Posting on: " . $news['tanggal_posting'];
            echo $news['content'];
        }
    }
    else
    {
        echo "Sorry, the news was not found.";
    }
    ?>
The purpose of the modified source code above:
1. The filter on $_GET['id']: if the value is an integer (digits only), processing continues with the MySQL query. If not, the alert "SQL Injection Detected" is shown and the browser returns to the previous page.
2. The query is run using the requested $_GET['id'] value.
3. The query result is checked. If the number of rows is greater than 0 (1, 2, etc.), the rows are fetched from the database and shown in the browser. If not, the message "Sorry, the news was not found." is shown.
With this simple example script, please keep developing your SQL Injection filter. My advice: always keep looking for information about web security if you are a webmaster or web programmer.
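As an added example (not the original post's code), here is berita.php rewritten with the same digit-only check and result check, but with the id passed to MySQL through a mysqli prepared statement instead of string concatenation, which is the general fix and goes beyond the post's filter. The connection details are placeholders and the column names title, tanggal_posting and content are assumed from the post; note that the mysql_* functions used above were removed in PHP 7.

```php
<?php
// Added example, not the original post's code: berita.php with input
// validation plus a prepared statement (mysqli), so the id value is never
// concatenated into the SQL string. Connection details are placeholders.
$mysqli = new mysqli('localhost', 'DB_USER', 'DB_PASS', 'DB_NAME');
if ($mysqli->connect_error) {
    die('Database connection failed.');   // log the detail server-side, never echo it
}

// 1. Whitelist filter: the id must be a non-empty string of digits only.
$id = $_GET['id'] ?? '';
if (!is_string($id) || !ctype_digit($id)) {
    http_response_code(400);
    die('Invalid news id.');
}

// 2. Prepared statement: the value is bound as an integer parameter ('i'),
//    so a crafted id cannot change the structure of the query.
$stmt = $mysqli->prepare('SELECT title, tanggal_posting, content FROM news WHERE id = ?');
if ($stmt === false) {
    die('Query could not be prepared.');   // log $mysqli->error server-side instead
}
$stmt->bind_param('i', $id);
$stmt->execute();
$result = $stmt->get_result();            // requires the mysqlnd driver

// 3. Check the result before using it.
if ($result->num_rows > 0) {
    while ($news = $result->fetch_assoc()) {
        // Escape on output so stored data cannot inject HTML/JS into the page.
        echo '<h2>' . htmlspecialchars($news['title'], ENT_QUOTES, 'UTF-8') . '</h2>';
        echo '<p>Posted on: ' . htmlspecialchars($news['tanggal_posting'], ENT_QUOTES, 'UTF-8') . '</p>';
        echo '<div>' . htmlspecialchars($news['content'], ENT_QUOTES, 'UTF-8') . '</div>';
    }
} else {
    echo 'Sorry, the news was not found.';
}
$stmt->close();
$mysqli->close();
?>
```

The digit check still rejects obviously bad input early and gives a clean error, but correctness no longer depends on it: the bound parameter is what keeps the query structure fixed.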


