Home > Backend Development > PHP Tutorial > PHP sprintf() function makes your SQL operations safer_PHP tutorial

PHP sprintf() function makes your SQL operations safer_PHP tutorial

WBOY
Release: 2016-07-21 15:51:12
Original
1096 people have browsed it

$bookSQL=sprintf("UPDATE book SET pass=%s WHERE id=%d",
                                                                            GetSQLValueString($_GET[' id'],"int"));

GetSQLValueString This function can be replaced by other functions

But if the sprintf() function is used in the sql statement! It is relatively safer. For example, for the ID, we can use %d

or when there are many sql operations, use this


$Result = $db-> query($bookSQL) or die(mysql_error());


Add the description of sprintf function below:

Quote
sprintf

Change the characters String formatting.

Syntax: string sprintf(string format, mixed [args]...);

Return value: String

Function type: Data processing

Content Description

This function is used to format strings. The parameter format is the conversion format, starting with the percent sign % and ending with the conversion character. The converted formats include

fill-in-the-blank characters in sequence. If 0, it means that the blanks are filled with 0; blanks are the default value, which means that the blanks are left alone.
Alignment. The default is right-aligned, with negative tables aligned left.
Field width. is the minimum width.
Accuracy. Refers to the number of floating point digits after the decimal point.
type, see the table below % prints the percentage symbol without conversion.
b Convert integer to binary.
c Convert integers to corresponding ASCII characters.
d Convert integer to decimal.
F times precision numbers are converted into floating point numbers.
o Convert integer to octal.
s Convert integer to string.
x integer is converted to lower case hexadecimal.
X integer is converted to uppercase hexadecimal.

http://www.bkjia.com/PHPjc/319182.htmlwww.bkjia.comtruehttp: //www.bkjia.com/PHPjc/319182.htmlTechArticle$bookSQL=sprintf("UPDATEbookSETpass=%sWHEREid=%d", GetSQLValueString($_POST['list'] ,"text"), GetSQLValueString($_GET['id'],"int")); The GetSQLValueString function can be replaced by something else...
Related labels:
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template