PHP Security - (int) vs FILTER_VALIDATE_INT

I recently was told there is FILTER_VALIDATE_INT which is great by the way.

My question is in terms of taking an integer value from the website whether it maybe from user or generated from the web application, and passed via query string.

The value (integer) may be displayed or used in mysql query.

I am trying to structure the best possible security method for this.

With that in mind, is it safe to simply use

$myNum = (int)$_GET['num'];

Or

if (filter_var($_GET['num'], FILTER_VALIDATE_INT)) $myNum = $_GET['num'];

Also, please explain what is the difference between using (int) and FILTER_VALIDATE_INT

@deceze would you happen to know if there is much of a difference between filter_var and its is_int counterpart?

@Russell Dias: results for '42' at least (integer represented as string).

@zerkms Oops didn't realize it tests a numeric string too. Thanks for the example ;)

Got it. It makes sense now. Thanks!

@deceze It appears that FILTER_VALIDATE_INT also works with strings submitted from forms, so it works a little bit differently than you described.

@AnthonyRutledge Yes, of course it operates on strings, that's the entire point. If I had an actual int I'd test it with is_int() and would be sure about the kinds of values it can contain.

@deceze You are wise and now you have proven it, too! ;-)

its worth the notice that FILTER_VALIDATE_INT produces unexpected results for floating point numbers eg 3.0 and booleans eg true. TEST