PHP sprintf () function to make your SQL operations more secure _php tips

$bookSQL =sprintf ("UPDATE book SET pass=%s WHERE id=%d",
Getsqlvaluestring ($_post[' list ', "text"),
Getsqlvaluestring ($_get[' id '], "int"));

Getsqlvaluestring This function, you can replace it with another function.

But use the sprintf () function here in the SQL statement! It's relatively safe, like IDs where we can use%d

Or when you have a lot of SQL operations, use this.


$Result = $db->query ($bookSQL) or Die (Mysql_error ());


Here's a description of the sprintf function:

Reference
sprintf

Formats the string.

Syntax: string sprintf (string format, mixed [args] ...);

return value: String

Function type: Data processing

Content Description

This function is used to format strings. The parameter format is the format of the transformation, starting with the percent sign to the converted character. The format of the conversion is included in the

The blank character. 0, the space is filled 0, the space is the default value, which means that the space is placed.
The Alignment method. The default value is aligned to the right, and the minus table is left-aligned.
The field width. is the minimum width.
Accuracy. Refers to the number of floating-point digits after the decimal point.
Type, see the following table% print percent symbol, do not convert.
The b integer is converted into binary.
The c integer is converted to the corresponding ASCII character.
The d integer is turned into 10.
The F times the precision number is converted to floating point numbers.
The o integer is converted into octal.
The s integer turns into a string.
The x integer is converted to lowercase 16.
The X integer is converted to uppercase 16.