
PHP sprintf() function makes your SQL operations safer_PHP tutorial

WBOY (Original)
2016-07-21 15:51:12

$bookSQL = sprintf("UPDATE book SET pass=%s WHERE id=%d",
                   GetSQLValueString($_POST['list'], "text"),
                   GetSQLValueString($_GET['id'], "int"));

The GetSQLValueString helper can be replaced by any other function that does the same job.

If sprintf() is used to build the SQL statement, it is relatively safer: for the id, for example, we can use %d, so the value is always converted to an integer.

Or, when there are many SQL operations, run the statement like this:

$Result = $db->query($bookSQL) or die(mysql_error());

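The following PHP script is an added example, not code from the original article. It builds the same UPDATE statement with %d for the id and compares it with plain string concatenation; build_book_update and its $escape callback are assumptions made for this example, and pass='%s' is quoted in the format because the example escapes without adding quotes (unlike GetSQLValueString).

```php
<?php
// Added example, not code from the original article: it shows what %d in
// sprintf() does for the id and why %s alone does not make the value safe.

// Builds the UPDATE statement from the article with the id forced to an
// integer by %d. Because %s performs no escaping, the string value goes
// through $escape, a caller-supplied callable (hypothetical parameter; in
// real code pass something like [$mysqli, 'real_escape_string']).
function build_book_update(string $pass, $id, callable $escape): string
{
    return sprintf(
        "UPDATE book SET pass='%s' WHERE id=%d",
        $escape($pass),  // %s: must be quoted in the format AND escaped
        $id              // %d: converted to int, so only a number reaches SQL
    );
}

// Constructed untrusted inputs, standing in for $_POST / $_GET values.
$untrusted_id   = "7abc";  // not a clean integer
$untrusted_pass = "it's";  // contains a quote character

// Unsafe baseline: plain concatenation copies both values into the query
// exactly as received, so the quote breaks the statement and the id is
// whatever the client sent.
$unsafe = "UPDATE book SET pass='" . $untrusted_pass
        . "' WHERE id=" . $untrusted_id;

// Safer: %d keeps only the leading integer of the id, and the escape
// callback neutralises the quote. addslashes() is used here only so the
// script runs without a database connection; use the driver's own
// escaping function in practice.
$safe = build_book_update($untrusted_pass, $untrusted_id, 'addslashes');

echo "Concatenated: ", $unsafe, "\n";
echo "sprintf:      ", $safe, "\n";
```

For string values, prepared statements remove the need for manual escaping altogether.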

A description of the sprintf function follows:

sprintf

Formats a string.

Syntax: string sprintf(string format, mixed [args]...);

Return value: String

Function type: Data processing

Description

This function formats a string. The parameter format is the conversion format; each conversion specification starts with the percent sign % and ends with the conversion character. Between them, in order, come:

1. Padding character. If 0, blanks are filled with zeros; a space is the default, meaning the blanks are left as spaces.
2. Alignment. The default is right-aligned; a minus sign means left-aligned.
3. Field width. This is the minimum width.
4. Precision. The number of digits after the decimal point for floating-point numbers.
5. Type, see the table below.

% Prints a literal percent sign; no conversion.
b Converts an integer to binary.
c Converts an integer to the corresponding ASCII character.
d Converts an integer to decimal.
f Converts a double-precision number to floating point.
o Converts an integer to octal.
s Converts an integer to a string.
x Converts an integer to lowercase hexadecimal.
X Converts an integer to uppercase hexadecimal.
