$booksql = sprintf("UPDATE book SET pass = %s WHERE id = %d",
    GetSQLValueString($_POST['list'], "text"),
    GetSQLValueString($_GET['id'], "int"));
The GetSQLValueString function can be replaced by another escaping function.
But do use sprintf() when building the SQL statement: it is much safer. For example, %d for the id forces the value to an integer.
Or, where there are many SQL operations, execute them like this:
$result = $db->query($booksql) or die(mysql_error());
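To show what the sprintf() approach actually buys, here is an added example (not code from the article) that builds the same UPDATE statement three ways from constructed hostile inputs and prints the resulting SQL text; no database is contacted. The GetSQLValueString() in it is a minimal stand-in written for this example, assumed to behave like the Dreamweaver helper the article uses ("int" coerced with intval(), "text" escaped and quoted); the PDO prepared-statement function at the end is a modern alternative the article does not mention, included as the recommended way to keep data out of the SQL text entirely.

```php
<?php
// Stand-in for GetSQLValueString() (assumption: mirrors the Dreamweaver helper).
function GetSQLValueString($theValue, $theType)
{
    switch ($theType) {
        case "int":
            // Non-numeric input collapses to 0; an empty value becomes SQL NULL.
            return ($theValue !== "") ? (string) intval($theValue) : "NULL";
        case "text":
            // addslashes() is what the original helper used. When a connection
            // exists, a charset-aware driver escaper such as
            // mysqli_real_escape_string() is the better choice.
            return ($theValue !== "") ? "'" . addslashes($theValue) . "'" : "NULL";
        default:
            throw new InvalidArgumentException("unknown type: $theType");
    }
}

// Constructed hostile request values (this is what $_POST['list'] and
// $_GET['id'] would hold if a client tampered with the request).
$post_list = "x' OR '1'='1";
$get_id    = "7 OR 1=1";

// 1. Plain concatenation: both values land in the query untouched.
$unsafe = "UPDATE book SET pass = '" . $post_list . "' WHERE id = " . $get_id;

// 2. The article's approach: sprintf() with %d for the id and the helper
//    for the text field. %d casts the argument with (int), so "7 OR 1=1"
//    becomes 7; the helper quotes and escapes the text.
$guarded = sprintf("UPDATE book SET pass = %s WHERE id = %d",
    GetSQLValueString($post_list, "text"),
    GetSQLValueString($get_id, "int"));

echo $unsafe, "\n";
// UPDATE book SET pass = 'x' OR '1'='1' WHERE id = 7 OR 1=1
echo $guarded, "\n";
// UPDATE book SET pass = 'x\' OR \'1\'=\'1' WHERE id = 7

// Caveat when combining %d with the helper: the helper's "NULL" fallback for
// an empty id is itself cast by %d, so the query silently targets id = 0.
echo sprintf("%d", GetSQLValueString("", "int")), "\n";   // 0

// 3. Prepared statement (not on the original page): placeholders keep the
//    values out of the SQL string, and the id is bound as an integer.
function updatePassPrepared(PDO $db, string $pass, string $id): int
{
    $stmt = $db->prepare("UPDATE book SET pass = :pass WHERE id = :id");
    $stmt->bindValue(':pass', $pass, PDO::PARAM_STR);
    $stmt->bindValue(':id', (int) $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}
```

Running the script prints the three lines shown in the comments. The second line is the point of the article: the injected `OR 1=1` on the id is gone because %d only keeps the leading integer, and the quote in the text value is escaped. updatePassPrepared() is defined but not called here because it needs a live PDO connection; pass it your $db and the two request values to use it.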
The reference entry for sprintf() follows:
Reference

sprintf
Formats a string.
Syntax: string sprintf(string format, mixed [args]...);
Return value: string
Function type: data processing

Description
This function formats a string. The format parameter is the conversion specification: it starts with a percent sign (%) and ends with a conversion character. Between them, in order, may appear:
  Padding character: 0 means pad with zeros; the default is a space.
  Alignment: right-aligned by default; a minus sign means left-aligned.
  Field width: the minimum width of the field.
  Precision: the number of digits after the decimal point.
  Type: one of the conversion characters in the following table.
  %   no conversion; a literal percent sign is printed
  b   integer converted to binary
  c   integer converted to the corresponding ASCII character
  d   integer converted to decimal
  f   double converted to a floating-point number with the given precision
  o   integer converted to octal
  s   value converted to a string
  x   integer converted to lowercase hexadecimal
  X   integer converted to uppercase hexadecimal
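The parts listed above compose into one specification of the form %[padding][alignment][width][.precision]type. The following added example (not from the article) exercises each part and checks every call against the string it is expected to produce; the last two rows show the (int) cast that %d applies to a string argument, which is the behaviour the article relies on for the id.

```php
<?php
// Each row: format, argument, expected output (expected values constructed
// for this example from PHP's documented sprintf() behaviour).
$samples = [
    // padding and width
    ['%05d',   42,         '00042'],     // pad with zeros to width 5
    ['%5d|',   42,         '   42|'],    // default padding is a space
    // alignment
    ['%-6s|',  'ab',       'ab    |'],   // minus sign: left-aligned
    ['%6s|',   'ab',       '    ab|'],   // default: right-aligned
    // precision
    ['%.2f',   3.14159,    '3.14'],
    ['%08.3f', 3.14159,    '0003.142'],  // width counts the decimal point
    // types
    ['%b',     10,         '1010'],
    ['%c',     65,         'A'],
    ['%o',     8,          '10'],
    ['%x',     255,        'ff'],
    ['%X',     255,        'FF'],
    ['%d%%',   50,         '50%'],       // %% prints a literal percent sign
    // %d on strings that are not clean integers: only the leading integer
    // survives the (int) cast, anything else becomes 0.
    ['%d',     '7 OR 1=1', '7'],
    ['%d',     'abc',      '0'],
];

$failures = 0;
foreach ($samples as [$format, $arg, $expected]) {
    $out = sprintf($format, $arg);
    $status = ($out === $expected) ? 'ok' : 'MISMATCH';
    if ($status !== 'ok') {
        $failures++;
    }
    printf("%-8s %-12s => %-10s %s\n", $format, var_export($arg, true), $out, $status);
}
exit($failures === 0 ? 0 : 1);
```

The script exits with status 0 when every row matches, so it doubles as a quick check of the sprintf() behaviour on the PHP version you run.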