$bookSQL = sprintf("UPDATE book SET pass=%s WHERE id=%d",
    GetSQLValueString($_POST['list'], "text"),
    GetSQLValueString($_GET['id'], "int"));
GetSQLValueString() can be replaced by another function that quotes and escapes the value; the point here is using sprintf() to build the SQL statement. It is relatively safe: for the id, for example, we can use %d, which only ever emits an integer.
Many SQL operations are then run with this:
$result = $db->query($bookSQL) or die(mysql_error());
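The same UPDATE built two ways, as an added example that is not code from the original tutorial: sqlValueString() is an assumed stand-in for the page's GetSQLValueString() (the real escaper needs a live connection, so it is injected), and updatePass() with $pdo, an assumed existing PDO connection, is the prepared-statement form in which values never enter the SQL text at all.

```php
<?php
// Assumed stand-in for GetSQLValueString(): quotes and escapes "text",
// casts "int". The escaper is passed in so this runs without a database.
function sqlValueString($value, string $type, callable $escape): string
{
    if ($value === null || $value === "") {
        return "NULL";
    }
    switch ($type) {
        case "int":
            // Same effect as %d: only an integer can reach the SQL.
            return (string) (int) $value;
        case "text":
            // %s does no quoting or escaping, so the helper must do both.
            return "'" . $escape((string) $value) . "'";
        default:
            throw new InvalidArgumentException("unknown type: $type");
    }
}

// Constructed inputs standing in for $_POST['list'] and $_GET['id'].
$post = ['list' => "O'Reilly"];
$get  = ['id'   => "7 OR 1=1"];

// Assumed escaper for the offline demo; with mysqli you would pass
// [$mysqli, 'real_escape_string'] instead of addslashes.
$escape = fn(string $s): string => addslashes($s);

$bookSQL = sprintf("UPDATE book SET pass=%s WHERE id=%d",
    sqlValueString($post['list'], "text", $escape),
    sqlValueString($get['id'], "int", $escape));
// (int) "7 OR 1=1" is 7, so only the integer part of the id reaches the query;
// the quote in the text value is escaped rather than closing the string.
echo $bookSQL, "\n";

// Hardened form: a prepared statement. Values are bound, not interpolated,
// so no escaping or sprintf formatting is needed for safety.
function updatePass(PDO $pdo, string $pass, string $id): int
{
    $stmt = $pdo->prepare("UPDATE book SET pass = :pass WHERE id = :id");
    $stmt->bindValue(':pass', $pass, PDO::PARAM_STR);
    $stmt->bindValue(':id', (int) $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}
```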
Here is a description of the sprintf function:
Reference
sprintf
Formats a string.
Syntax: string sprintf(string $format, mixed ...$args)
Return value: string
Function type: data processing
Description
This function formats a string. The parameter format is the conversion template: each conversion specification starts with a percent sign (%) and ends with a conversion type character. Between them, in order, come the following optional parts:
Padding character. 0 pads with zeros; a space (the default) pads with spaces.
Alignment. Right-aligned by default; a minus sign (-) makes it left-aligned.
Field width. The minimum number of characters to output.
Precision. The number of digits after the decimal point for floating-point numbers.
Type, one of the following:
%  prints a literal percent sign; no argument is converted.
b  the argument is treated as an integer and printed in binary.
c  the argument is treated as an integer and printed as the corresponding ASCII character.
d  the argument is treated as an integer and printed in decimal.
f  the argument is treated as a float and printed as a floating-point number.
o  the argument is treated as an integer and printed in octal.
s  the argument is treated as a string.
x  the argument is treated as an integer and printed in lowercase hexadecimal.
X  the argument is treated as an integer and printed in uppercase hexadecimal.
That covers the PHP sprintf function and how it can make your SQL operations more secure; I hope it helps readers interested in PHP.