10-06-2007, 02:53 PM
#21 (permalink)
Moderateur
Join Date: Apr 2007
Posts: 1,393
Thanks: 5
Why bother with using sprintf if you're going to be wrapping the username inside a string in the arguments? If you want to use the function properly (in my eye) then go for something more akin to:
PHP Code:
// Note: %% outputs a literal percent character with (s)printf
// See: http://php.net/sprintf for details
$szSQL = sprintf("SELECT user,id,rank FROM users WHERE user LIKE '%%%s%%' ORDER BY id", $szUsername);
Keep the format string (the query) in one place, and the arguments in another. That's the whole idea of using (s)printf in instances like this.
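An added example, not part of the original post: sprintf only formats text and does not escape $szUsername, so the same query is shown here as a PDO prepared statement, where the driver keeps the query text and the argument apart. The in-memory SQLite table, its rows, and the helper names likeEscape and findUsers are assumptions made for the illustration, and the pdo_sqlite extension is assumed to be available.

```php
<?php
// Added example. The table and its rows are constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, user TEXT, rank TEXT)');
$pdo->exec("INSERT INTO users (user, rank) VALUES
    ('alice', 'admin'), ('bob_smith', 'member'), ('bobby', 'member'),
    ('o''brien', 'member'), ('100%real', 'member')");

// Hypothetical helper: escape LIKE metacharacters so that % and _ typed by
// the user match literally. The escape character itself is handled first.
function likeEscape(string $term, string $esc = '\\'): string
{
    return str_replace(
        [$esc, '%', '_'],
        [$esc . $esc, $esc . '%', $esc . '_'],
        $term
    );
}

// Hypothetical helper: the query from the post as a prepared statement.
function findUsers(PDO $pdo, string $szUsername): array
{
    // The query text is constant; the ? is bound by the driver, so a quote
    // in $szUsername cannot end the string literal. ESCAPE '\' is written
    // for SQLite, which does not treat backslash specially in literals.
    $stmt = $pdo->prepare(
        "SELECT user,id,rank FROM users WHERE user LIKE ? ESCAPE '\\' ORDER BY id"
    );
    // The wildcards live in the bound value, so no %% doubling is needed.
    $stmt->execute(['%' . likeEscape($szUsername) . '%']);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Search terms chosen to exercise a plain match, an apostrophe, and the
// two LIKE metacharacters.
foreach (['bob', "o'brien", '%', '_'] as $term) {
    $names = array_column(findUsers($pdo, $term), 'user');
    printf("%-10s => %s\n", $term, implode(', ', $names) ?: '(no rows)');
}
```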