sprintf for db query strings

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View

I notice that many examples in the manual use sprintf in constructing
database query strings.  Is this just style, or are there some serious
advantages to sprintf over concatenating the string, assuming in both
cases that the variable parts of the string are properly sanitized?

Lars Eighner     <http://larseighner.com/ <http://myspace.com/larseighner
                         Countdown: 566 days to go.
   Friends of Lizbeth: help replace failed a/c at Austin's no-kill shelter

Re: sprintf for db query strings

Quoted text here. Click to load it

Just style.  Personally I don't like the whole sprintf thing and
prefer concatenation.  Others prefer to put everything in double-
quotes so variables are automatically inserted.  It's all personal

Re: sprintf for db query strings

ZeldorBlat wrote:

Quoted text here. Click to load it

Others use query bindings, so you don't even have to bother sanitizing the
variable contents.

Again, just coding style, and convenience for each particular case.

Iván Sánchez Ortega -ivansanchez-algarroba-escomposlinux-punto-org-

Quien puede decir cuanto ama, pequeño amor siente.- Francesco Petrarca.

Site Timeline