[GLLUG] PHP Concatenating Strings
Mike Rambo
mrambo at lsd.k12.mi.us
Wed Feb 25 07:35:41 EST 2004
On Thu, 2004-02-19 at 09:25, Jeremy Bowers wrote:
> Ex Fed wrote:
> >> I don't do PHP and am greatly surprised that PHP's mysql interface
> >> doesn't seem to have a printf-like command like every other scripting
> >> language I've seen. That lets you insert placeholders, pass in the
> >> values, and let the library do the quoting, like this:
> >
> >
> > PHP does in fact support PRINTF and SPRINTF
>
> That's not what I was talking about, quite. In Python (for sure) and
> Perl (I'm pretty sure), you can do something like the following pseudocode:
>
> $connection = makeDatabaseConnectionToSomething()
> $connection->execute("SELECT Record FROM Table WHERE SomeString = ?",
> "T'Pal");
>
> and the database structure will escape the string, *depending on the
> database you connected to*. If you connected to a database that only
> uses apostrophe for the string delimiter, it will result in
>
> SELECT Record FROM Table WHERE SomeString = 'T\'Pal'
>
> whereas if the database also allows quotes, it might return
>
> SELECT Record FROM Table WHERE SomeString = "T'Pal"
>
> You can't do that directly with sprintf. You *can* build something that
> works like this based on sprintf but it can be tricky to get it right.
>
> So I remain surprised that PHP doesn't seem to have this, and more

Either I am completely missing your point or you seem to be talking
about addslashes(), are you not?
http://www.php.net/manual/en/ref.strings.php

> particularly that even the mysql_* functions didn't seem to have some
> escaping built in (at least based on my quick scan). If I were working
> with databases in PHP, one of the first things I'd do is try to kludge
> something together that would outsource the escaping to all one
> function, to make sure I didn't make any escaping mistakes. Otherwise
> you're asking for it, because *everybody* forgets a function call now
> and then, and when you don't get an error immediately, you may not
> notice until it's too late. This will also make it easier to change
> databases later if you want, which is a good thing; if you're doing
> bog-simple queries anyhow, it's worth staying database independent.
--
Mike Rambo
mrambo at lsd.k12.mi.us
Air conditioners are a lot like computers. They don't work well with windows open.
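
The difference discussed in this message, as an added example that is not part of the original thread: the same lookup done with addslashes() and string concatenation, and with a placeholder. It assumes PHP with the PDO SQLite driver available; the table, column and sample values are constructed for illustration.

```php
<?php
// Added example: placeholders vs. addslashes(), using PDO with an in-memory
// SQLite database. Table name, column name and sample values are constructed.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE people (name TEXT)');

// Insert the sample rows with placeholders as well.
$insert = $pdo->prepare('INSERT INTO people (name) VALUES (?)');
foreach (["T'Pal", 'Spock', 'C:\\temp'] as $name) {
    $insert->execute([$name]);
}

/** Build the query by concatenation, escaping the value with addslashes(). */
function lookupWithAddslashes(PDO $pdo, string $name): string
{
    $sql = "SELECT name FROM people WHERE name = '" . addslashes($name) . "'";
    try {
        $row = $pdo->query($sql)->fetchColumn();
        return $row === false ? 'no match' : "found $row";
    } catch (PDOException $e) {
        return 'SQL error: ' . $e->getMessage();
    }
}

/** Pass the value separately; the driver handles it for the connected database. */
function lookupWithPlaceholder(PDO $pdo, string $name): string
{
    $stmt = $pdo->prepare('SELECT name FROM people WHERE name = ?');
    $stmt->execute([$name]);
    $row = $stmt->fetchColumn();
    return $row === false ? 'no match' : "found $row";
}

foreach (["T'Pal", 'C:\\temp'] as $name) {
    printf("%-8s addslashes:  %s\n", $name, lookupWithAddslashes($pdo, $name));
    printf("%-8s placeholder: %s\n", $name, lookupWithPlaceholder($pdo, $name));
}
```

SQLite escapes an apostrophe by doubling it and treats a backslash as an ordinary character, so the addslashes() version raises a syntax error for T'Pal and silently finds nothing for C:\temp, while the placeholder version returns both rows.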