06-25-2008, 05:54 PM
To clean things up even a bit more, I am now going to use sprintf to write queries. Is this really necessary? I see them doing this in the manual, and have never done it myself.
PHP Code:
// No need for casting as %d in sprintf will take care of it.
// Default the request values so the lookups below never hit an undefined index.
$_GET['group_id'] = isset($_GET['group_id']) ? $_GET['group_id'] : 0;
$_POST['username'] = isset($_POST['username']) ? $_POST['username'] : '';
// Read the same keys that were defaulted above.
$query = sprintf("SELECT * FROM users WHERE user_name='%s' AND user_group='%d'",
    mysql_real_escape_string($_POST['username']),
    $_GET['group_id']
);
__________________
There are No Stupid Questions. But there are a LOT of Inquisitive Idiots.
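Added example, not part of the original post: it shows what each sprintf conversion does with constructed request values (%d keeps only an integer, %s inserts the string unchanged, so the escaping call is what protects the string field), next to the same lookup written with bound parameters. It uses PDO with an in-memory SQLite database in place of the post's mysql_* calls so that it runs offline (the pdo_sqlite extension is assumed); the table contents, function names and input values are assumptions.

```php
<?php
// Added example: hypothetical helper names, constructed table and inputs.

// Builds the query with sprintf alone, with no escaping call around the string.
function build_query_unescaped(string $user, $group): string
{
    // %d converts its argument to an integer; %s copies the string as-is.
    return sprintf(
        "SELECT * FROM users WHERE user_name='%s' AND user_group='%d'",
        $user,
        $group
    );
}

// Same lookup with bound parameters: the input never becomes part of the SQL text.
function find_users(PDO $db, string $user, $group): array
{
    $stmt = $db->prepare(
        'SELECT user_name FROM users WHERE user_name = :name AND user_group = :grp'
    );
    $stmt->bindValue(':name', $user, PDO::PARAM_STR);
    $stmt->bindValue(':grp', (int) $group, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (user_name TEXT, user_group INTEGER)');
$db->exec("INSERT INTO users VALUES ('alice', 1), ('bob', 2)");

// Constructed request values, as they might arrive in $_POST / $_GET.
$oddName  = "x' OR '1'='1";
$oddGroup = "2 OR 1=1";

// Numeric field: %d discards everything after the leading integer.
echo build_query_unescaped('alice', $oddGroup), "\n";

// String field: %s leaves the embedded quote in place, so the literal is
// closed early unless the value is escaped first or bound as a parameter.
echo build_query_unescaped($oddName, 1), "\n";

// Bound parameters treat the whole value as data: the odd name is compared
// literally against user_name, and the ordinary name still matches its row.
var_dump(find_users($db, $oddName, 1));
var_dump(find_users($db, 'alice', 1));
```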