What is the principle ZAP uses to judge SQL injection? (zap判断SQL注入的原理是什么?)


Jun Yin

Sep 14, 2021, 6:28:16 AM
to OWASP ZAP Developer Group
When an illegal parameter is passed to my website, it uses PHP's built-in function intval() to force a type conversion and then continues executing without reporting an error. Every time I scan with ZAP, it repeatedly reports that SQL injection exists. What is the basis on which this ZAP tool makes that judgement? What specifically should I do so that ZAP considers me free of the vulnerability? Returning 403 does not seem to work either.
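The two detection techniques most relevant to this question, boolean-based and error-based probing, are among those used by ZAP's SQL Injection active scan rule. The following is an added example, not code from the original post and not ZAP's own implementation: it runs a generic boolean-based probe and a generic error-based probe against two simulated request handlers backed by a constructed in-memory SQLite table. `handler_raw` concatenates the parameter into the query (the classic injectable pattern), while `handler_intval` coerces it first with `php_intval`, an approximation of PHP's intval() written for this example, before binding it. The endpoint names, the table and its rows are all assumptions.

```python
import re
import sqlite3

# Constructed sample data standing in for a site's table; not from the original post.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany(
        "INSERT INTO items VALUES (?, ?)",
        [(1, "alpha"), (2, "beta"), (3, "gamma")],
    )
    return conn


def php_intval(value: str) -> int:
    """Approximation of PHP's intval() on a string: optional leading
    whitespace and sign followed by leading digits are kept, anything
    else yields 0.  So intval("1 AND 1=2") == 1 and intval("abc") == 0."""
    m = re.match(r"\s*([+-]?\d+)", value)
    return int(m.group(1)) if m else 0


def handler_raw(conn: sqlite3.Connection, param: str) -> str:
    """Injectable handler: the raw parameter is spliced into the SQL text."""
    rows = conn.execute("SELECT name FROM items WHERE id = " + param).fetchall()
    return "OK:" + ",".join(r[0] for r in rows)


def handler_intval(conn: sqlite3.Connection, param: str) -> str:
    """Hardened handler in the style the poster describes: coerce to an
    integer first, then pass it to the driver as a bound parameter."""
    rows = conn.execute(
        "SELECT name FROM items WHERE id = ?", (php_intval(param),)
    ).fetchall()
    return "OK:" + ",".join(r[0] for r in rows)


def render(handler, conn: sqlite3.Connection, param: str) -> str:
    """Turn a handler call into a 'response body', surfacing DB errors the
    way an unhandled exception page would."""
    try:
        return handler(conn, param)
    except sqlite3.Error as exc:
        return "ERROR: " + str(exc)


def boolean_sqli_probe(handler, conn: sqlite3.Connection, value: str = "1") -> bool:
    """Generic boolean-based check: an appended always-true condition should
    reproduce the baseline response, an appended always-false condition
    should change it.  Both together indicate the condition was evaluated
    by the database, i.e. the parameter reached the SQL text."""
    baseline = render(handler, conn, value)
    true_resp = render(handler, conn, f"{value} AND 1=1")
    false_resp = render(handler, conn, f"{value} AND 1=2")
    return true_resp == baseline and false_resp != baseline


def error_sqli_probe(handler, conn: sqlite3.Connection, value: str = "1") -> bool:
    """Generic error-based check: an unbalanced quote that produces a
    database error in the response."""
    resp = render(handler, conn, value + "'")
    return resp.startswith("ERROR:")


if __name__ == "__main__":
    for name, handler in (("raw", handler_raw), ("intval", handler_intval)):
        db = make_db()
        print(name, "boolean:", boolean_sqli_probe(handler, db),
              "error:", error_sqli_probe(handler, db))
```

With the coerced handler, `1`, `1 AND 1=1` and `1 AND 1=2` all collapse to `id = 1`, so the three responses are identical and the boolean probe has nothing to distinguish; the quote probe never reaches the database, so no error text appears. If a scanner still reports the coerced endpoint, the practical check is to capture exactly those three requests and compare the response bodies (ZAP's history tab shows the payload it sent for each alert): any difference between them, including a 403 or a redirect on one of the probes but not the others, is what a boolean-based comparison keys on, which is why returning 403 for "illegal" input does not make the finding go away.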