PHP sprintf () function makes your SQL operations more secure

$ Booksql = sprintf ("Update book set pass = % s where id = % d ",
Getsqlvaluestring ($ _ post ['LIST'], "text "),
Getsqlvaluestring ($ _ Get ['id'], "int "));

The getsqlvaluestring function can be changed to another function.

But use the sprintf () function in the SQL statement! It is much safer. For example, we can use % d for ID.

Or when there are a lot of SQL operations, use this

$ Result = $ db-> query ($ booksql) or die (mysql_error ());

The sprintf function is added below:

Reference
Sprintf

Format the string.

Syntax: String sprintf (string format, mixed [ARGs]...);

Return Value: String

Function Type: Data Processing

Description

This function is used to format strings. The format parameter is the conversion format, starting with the percent sign % to the conversion character. The format of the conversion includes

Fill in the blanks. If the value is 0, it indicates that the space is set to 0; if the value is 0, it indicates that the space is placed.
Alignment. The default value is right-aligned, and the negative number table is left-aligned.
Field width. Minimum width.
Precision. The number of digits after the decimal point.
Type, as shown in the following table %. Do not convert.
The integer B is converted into binary.
The C integer is converted to the corresponding ASCII character.
D integer to decimal place.
F times the precision number to the floating point number.
O integer to octal.
The S integer is converted into a string.
Convert an integer to a lowercase hexadecimal value.
Convert X to uppercase hexadecimal.