[GLLUG] PHP Concatenating Strings

Mike Rambo mrambo at lsd.k12.mi.us
Wed Feb 25 07:35:41 EST 2004


On Thu, 2004-02-19 at 09:25, Jeremy Bowers wrote:
> Ex Fed wrote:
> >> I don't do PHP and am greatly surprised that PHP's mysql interface
> >> doesn't seem to have a printf-like command like every other scripting
> >> language I've seen. That lets you insert placeholders, pass in the
> >> values, and let the library do the quoting, like this:
> > 
> > 
> > PHP does in fact support PRINTF and SPRINTF
> 
> That's not what I was talking about, quite. In Python (for sure) and 
> Perl (I'm pretty sure), you can do something like the following pseudocode:
> 
> $connection = makeDatabaseConnectionToSomething()
> $connection->execute("SELECT Record FROM Table WHERE SomeString = ?", 
> "T'Pal");
> 
> and the database structure will escape the string, *depending on the 
> database you connected to*. If you connected to a database that only 
> uses apostrophe for the string delimiter, it will result in
> 
> SELECT Record FROM Table WHERE SomeString = 'T\'Pal'
> 
> whereas if the database also allows quotes, it might return
> 
> SELECT Record FROM Table WHERE SomeString = "T'Pal"
> 
> You can't do that directly with sprintf. You *can* build something that 
> works like this based on sprintf but it can be tricky to get it right.
> 
> So I remain surprised that PHP doesn't seem to have this, and more 

Either I am completely missing your point or you seem to be talking
about addslashes(), are you not?

http://www.php.net/manual/en/ref.strings.php

> particularly that even the mysql_* functions didn't seem to have some 
> escaping built in (at least based on my quick scan). If I were working 
> with databases in PHP, one of the first things I'd do is try to kludge 
> something together that would outsource the escaping to all one 
> function, to make sure I didn't make any escaping mistakes. Otherwise 
> you're asking for it, because *everybody* forgets a function call now 
> and then, and when you don't get an error immediately, you may not 
> notice until it's too late. This will also make it easier to change 
> databases later if you want, which is a good thing; if you're doing 
> bog-simple queries anyhow, it's worth staying database independent.
-- 
Mike Rambo
mrambo at lsd.k12.mi.us

Air conditioners are a lot like computers. They don't work well with windows open.
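
The placeholder style described in the quoted text, set beside addslashes()-style escaping, as an added example that is not part of the original thread. It uses Python's sqlite3 module; the Crew table, its rows and the helper names are constructed, and `addslashes` here is a Python approximation of the PHP function.

```python
import sqlite3

def addslashes(s):
    """Approximation of PHP addslashes(): backslash-escape ', ", \\ and NUL."""
    out = []
    for ch in s:
        if ch in ("'", '"', "\\"):
            out.append("\\" + ch)
        elif ch == "\0":
            out.append("\\0")
        else:
            out.append(ch)
    return "".join(out)

def make_db():
    """Constructed sample data in an in-memory SQLite database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Crew (Record INTEGER, SomeString TEXT)")
    conn.executemany("INSERT INTO Crew VALUES (?, ?)",
                     [(1, "T'Pal"), (2, "Spock")])
    return conn

def lookup_bound(conn, name):
    """Placeholder query: the driver carries the value, no quoting by hand."""
    cur = conn.execute("SELECT Record FROM Crew WHERE SomeString = ?", (name,))
    return [row[0] for row in cur]

def lookup_spliced(conn, name, escape):
    """String-built query using a caller-chosen escaping function.
    Returns None when the database rejects the resulting SQL."""
    sql = "SELECT Record FROM Crew WHERE SomeString = '%s'" % escape(name)
    try:
        return [row[0] for row in conn.execute(sql)]
    except sqlite3.Error:
        return None

def sqlite_escape(s):
    """SQLite's own rule: double the apostrophe; backslash is not special."""
    return s.replace("'", "''")

if __name__ == "__main__":
    db = make_db()
    print("bound placeholder :", lookup_bound(db, "T'Pal"))
    print("addslashes splice :", lookup_spliced(db, "T'Pal", addslashes))
    print("sqlite rule splice:", lookup_spliced(db, "T'Pal", sqlite_escape))
```

Backslash escaping matches MySQL's default string syntax but not SQLite's, so the addslashes-built query is rejected here while the bound query works unchanged.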
