02-07-2008, 01:18 PM
#12 (permalink)
Moderateur
Join Date: Apr 2007
Posts: 1,393
Thanks: 5
Now see, this is where using string formatting can make things much easier to handle. Compare all of the examples above to:
PHP Code:
$query = sprintf("
    UPDATE athlete
    SET
        athlete = '%s',
        regno = '%s',
        gender = '%s',
        age = '%s',
        eventno = '%s',
        distance = '%s',
        stroke = '%s',
        time = '%s',
        place = '%s'
    WHERE
        athlete_number = %d
    ;",
    mysql_real_escape_string($ud_name),
    mysql_real_escape_string($ud_regno),
    mysql_real_escape_string($ud_gender),
    mysql_real_escape_string($ud_age),
    mysql_real_escape_string($ud_eventno),
    mysql_real_escape_string($ud_distance),
    mysql_real_escape_string($ud_stroke),
    mysql_real_escape_string($time),
    mysql_real_escape_string($place),
    (int) $ud_atheletenumber
);
It's much, much easier to spot mistakes when the code is formatted well. 
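The same UPDATE written with PDO bound parameters, as an added example that is not part of the original post (the `mysql_*` functions it uses were removed in PHP 7). The in-memory SQLite database, the table layout, the `updateAthlete` helper and the sample values are assumptions made so the block runs stand-alone.

```php
<?php
declare(strict_types=1);

// Columns the UPDATE may set; names are taken from the query in the post.
const ATHLETE_COLUMNS = ['athlete', 'regno', 'gender', 'age', 'eventno',
                         'distance', 'stroke', 'time', 'place'];

/** Hypothetical helper: update one row with bound values, return rows changed. */
function updateAthlete(PDO $pdo, int $athleteNumber, array $values): int
{
    // Require exactly the known columns so identifiers never come from input.
    $keys = array_keys($values);
    if (array_diff(ATHLETE_COLUMNS, $keys) || array_diff($keys, ATHLETE_COLUMNS)) {
        throw new InvalidArgumentException('unexpected column set');
    }

    $assignments = [];
    foreach (ATHLETE_COLUMNS as $column) {
        $assignments[] = "$column = :$column";
    }
    $sql = 'UPDATE athlete SET ' . implode(', ', $assignments)
         . ' WHERE athlete_number = :athlete_number';

    // Values travel separately from the SQL text, so no escaping is needed.
    $stmt = $pdo->prepare($sql);
    foreach (ATHLETE_COLUMNS as $column) {
        $stmt->bindValue(":$column", (string) $values[$column], PDO::PARAM_STR);
    }
    $stmt->bindValue(':athlete_number', $athleteNumber, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// Demo database (assumption): in-memory SQLite; use a MySQL DSN in practice.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE athlete (athlete_number INTEGER PRIMARY KEY,
    athlete TEXT, regno TEXT, gender TEXT, age TEXT, eventno TEXT,
    distance TEXT, stroke TEXT, time TEXT, place TEXT)');
$pdo->exec("INSERT INTO athlete (athlete_number, athlete) VALUES (7, 'old name')");

// Constructed sample input; the apostrophe is stored verbatim.
$changed = updateAthlete($pdo, 7, [
    'athlete' => "O'Brien", 'regno' => 'R-100', 'gender' => 'F',
    'age' => '17', 'eventno' => '12', 'distance' => '100',
    'stroke' => 'free', 'time' => '58.31', 'place' => '3',
]);
$row = $pdo->query('SELECT athlete, place FROM athlete WHERE athlete_number = 7')
           ->fetch(PDO::FETCH_ASSOC);
printf("%d row changed: athlete=%s place=%s\n", $changed, $row['athlete'], $row['place']);
```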