When constructing SQL statements, compare the following two approaches. The first concatenates strings:

```php
$sql = 'SELECT *
  FROM sdb_comments
  WHERE goods_id = ' . intval($goods_id) . '
    AND for_comment_id IS NULL
    AND object_type = "' . $item . '"
    AND disabled = "false"
    AND display = "true"';
```
I prefer to write it with sprintf():

```php
$sql = sprintf('SELECT *
  FROM sdb_comments
  WHERE goods_id = %.0f
    AND for_comment_id IS NULL
    AND object_type = "%s"
    AND disabled = "false"
    AND display = "true"', (float) $goods_id, $item);
```

This statement is still simple; once a query becomes more complex, building it by string concatenation is a nightmare.
The second way is more convenient. There is one small problem, though: when formatting numbers you have to be aware of the value range of the format specifier. If the value falls outside that range it is silently converted, and the SQL that comes out is not what we need.
Here is a summary I made today of the sprintf() specifiers and their ranges:

%d: -2^31 ~ 2^31-1 (-2147483648 ~ 2147483647) (converts the argument to int and prints it as signed decimal)
%b: binary (converts int to binary)
%c: character (converts int to the character with that code)
%u: 0 ~ 2^32-1 (0 ~ 4294967295) (converts int to unsigned decimal)
%f: -2^128 ~ 2^128 (-3.4E38 ~ +3.4E38) (converts to float; locale-aware)
%F: -2^128 ~ 2^128 (-3.4E38 ~ +3.4E38) (converts to float; not locale-aware)
%o: octal (converts int to octal)
%s: string
%x: hexadecimal with lowercase letters (converts int to hex)
%X: hexadecimal with uppercase letters (converts int to hex)
Because IDs in the database can be very large, using %d can put the value out of range and produce a wrong result. That is why I find %.0f much better than %d for formatting an ID.
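The following is an added example, not code from the original post. It wraps the post's sprintf() query in a function and makes the two checks the post implies explicit: which range an ID survives under %d versus %.0f (PHP_INT_MAX is 2^31-1 on 32-bit builds and 2^63-1 on 64-bit; a double is exact only up to 2^53), and the fact that %s inserts its argument verbatim, so the object type is restricted to a fixed list before it reaches the query. The table name is the post's; the allowed object types and the sample IDs are constructed for this example.

```php
<?php
// Added example (not from the original post). Shows how a numeric ID fares
// under %d versus %.0f, and builds the post's query with input checks.

// Format the same ID both ways and report whether the text round-trips.
// %d converts the argument to a PHP integer (limited by PHP_INT_MAX);
// %.0f formats a double, which represents integers exactly only up to
// 2^53 = 9007199254740992, so IDs beyond that are mangled by %.0f too.
function format_id_both_ways(string $id): array
{
    $as_d = sprintf('%d', $id);
    $as_f = sprintf('%.0f', (float) $id);
    return [
        'with_%d'    => $as_d,
        'with_%.0f'  => $as_f,
        '%d_exact'   => ($as_d === $id),
        '%.0f_exact' => ($as_f === $id),
    ];
}

// Build the post's query. $goods_id must be a string of decimal digits so
// that %.0f receives a clean number; $item is matched against a fixed list
// because %s performs no escaping at all.
function build_comment_query(string $goods_id, string $item): string
{
    if (!ctype_digit($goods_id)) {
        throw new InvalidArgumentException('goods_id must be an unsigned integer');
    }
    // Assumed object types, constructed for this example.
    $allowed_types = ['goods', 'article'];
    if (!in_array($item, $allowed_types, true)) {
        throw new InvalidArgumentException('unknown object_type');
    }
    return sprintf('SELECT *
  FROM sdb_comments
  WHERE goods_id = %.0f
    AND for_comment_id IS NULL
    AND object_type = "%s"
    AND disabled = "false"
    AND display = "true"', (float) $goods_id, $item);
}

// Constructed sample IDs: one small, one above 2^31-1 (breaks %d on 32-bit
// PHP), one above 2^53 (breaks %.0f on every build).
foreach (['123', '3000000000', '9007199254740993'] as $id) {
    print_r(format_id_both_ways($id));
}
echo build_comment_query('3000000000', 'goods'), PHP_EOL;
```

Running this on a 64-bit build shows %d and %.0f agreeing for the first two IDs and %.0f losing the last digit of the third, which is the practical limit of the %.0f trick: for IDs that may exceed 2^53 (or whenever the value comes from a user), keep the ID as a validated digit string or pass it as a bound parameter instead of formatting it into the statement.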