[Novice PHP] Talk about the pros and cons of the following wording

Source: Internet
Author: User
$sql = "Update table set Nikename= ' {$nikename} ' where userid={$userid}";

$sql =sprintf ("Update table set Nikename= '%s ' where userid=%d", $nikename, $userid)


Reply to discussion (solution)

I don't know, it feels like PHP is very hot now.

I'm going to have to quote you first.
Mysql_real_escape_string ($nikename)
Mysql_real_escape_string ($userid)

In the second way,%d can determine that $userid must be a number, not a string.

PHP is learning, can't read

$sql =mysql_query ("Update ulist set name= ' $name ' where id= $id");

I usually write that. Do not know what the difference between the landlord.

The habit is the first to write directly to SQL, the second is to encapsulate the time.

The 2nd way of writing is much clearer than the 1th, even without the need for a memo
In terms of operational efficiency, the two are about the same.

$nikename = "Test ';d elete ...";
$sql = "Update table set Nikename= ' {$nikename} ' where userid={$userid}";
Var_dump ($sql);

The two methods are similar, the first kind of habit. But both of these need to filter the data, otherwise there is an injection.

Decisive PDO ...

$sql = "Update table set Nikename= ' {$nikename} ' where userid={$userid}";
Advantages: Intuitive. The speed should be slightly faster than the second type.
Cons: SQL injection risk.

$sql =sprintf ("Update table set Nikename= '%s ' where userid=%d", $nikename, $userid)
Pros: Intuitive and mandatory userid is numeric.
Cons: SQL injection risk.

I usually use the first kind.
Efficiency well, I guess the first one is faster.

The second kind I haven't seen. I'm kind of ignorant.

In fact, I have been the second (not for several years of PHP project), this month to a company to say the first kind of good, can't think of a good ask a question to write PHP time long brothers and sisters

Just getting started.

Programmers familiar with C must be accustomed to the second kind of

Indicates that the first form of writing has been 、、、、、

Individuals feel that the first is faster than the second,
Even if it's just a little bit,
After all, the second way is to pass a function to format the string,
Let's take echo and print,
Books have mentioned that the former is more efficient than the latter,
The latter will return a value and the former will not,
Of course, the PHP documentation doesn't mention this,
Besides, you're using sprintf now,
Maybe your company feels the same way, right?
and will using mysqli stmt better than sprintf?
Mysqli stmt seems safer and reads clearly.

Purely personal opinion, I am also a novice, haha ...

  • Contact Us

    The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

    If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

    A Free Trial That Lets You Build Big!

    Start building with 50+ products and up to 12 months usage for Elastic Compute Service

    • Sales Support

      1 on 1 presale consultation

    • After-Sales Support

      24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.