Securing your MySQL Queries with Sprintf
11-26-2007, 09:51 PM
Join Date: Oct 2007
Location: Manchester, UK
1. You don't need to use sprintf to secure your queries. Just make sure all user submitted data is the correct data type and strings are escaped (
). IMHO using sprintf makes your code harder to read and is more of a pain than typecasting.
I'd have to agree there, but I do like the idea. I like seeing new ideas on solving problems, but sprintf isn't for me either; in fact, I mostly use prepared statements in mysqli these days.
But whatever lights your candle, I suppose :)
mysql> SELECT * FROM `users` WHERE `users`.`clue` > 0;
Empty set (0.00 sec)
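The three approaches mentioned in this post (sprintf with a typed placeholder, escaping strings, and mysqli prepared statements) side by side, as an added example that is not part of the original thread. The `id` and `name` columns, the connection credentials and the input values are assumptions made for illustration.

```php
<?php
// Added example: the `id` and `name` columns and the connection details
// are assumptions, and the input below is constructed.
$input = ['id' => '42abc', 'name' => "O'Brien"];

// 1. sprintf with %d: the argument is converted to an integer, so only
//    an integer can reach the SQL text.
function by_id_sprintf(string $id): string
{
    return sprintf('SELECT * FROM `users` WHERE `id` = %d', $id);
}

// 2. sprintf with %s: no conversion happens, so the value must be escaped
//    with the connection's own escaper, or the quote in O'Brien ends the
//    string literal early.
function by_name_sprintf(mysqli $db, string $name): string
{
    return sprintf(
        "SELECT * FROM `users` WHERE `name` = '%s'",
        $db->real_escape_string($name)
    );
}

// 3. mysqli prepared statement: the value travels separately from the SQL
//    text, so there is nothing to cast or escape by hand.
function by_name_prepared(mysqli $db, string $name): array
{
    $stmt = $db->prepare('SELECT * FROM `users` WHERE `name` = ?');
    $stmt->bind_param('s', $name);
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
}

// Runs without a database: shows the query text built from the id.
echo by_id_sprintf($input['id']), "\n";

// Placeholder credentials; the remaining steps need a reachable server.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$db = new mysqli('localhost', 'app_user', 'app_password', 'app_db');
// Set the charset before escaping so real_escape_string uses the same
// encoding as the connection.
$db->set_charset('utf8mb4');

echo by_name_sprintf($db, $input['name']), "\n";
var_dump(by_name_prepared($db, $input['name']));
```

`get_result()` requires the mysqlnd driver; without it, use `bind_result()` and `fetch()` instead.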