Posted by Michael Fesser on 09/03/07 15:10
..oO(The Natural Philosopher)
>All I am saying is that if something is coming in from a POST with
>backslashes and quotes, to set it up right for web printing if that's
>what you call it, it has to be de backslashed and special-charred.
And all I am saying is that in a proper control flow there's no need to
de-backslash anything, because no unnecessary backslashes would be
stored anywhere.
>If you take the magic off, it has to BE backslashed for SQL
True, but the escaping is just for the transport into the DB table, the
backslashes are not stored there.
>and still
>has to be html special charred for the screen.
Correct. But that's the _only_ thing which is necessary for output.
>>> Printf is slow, and an unnecessary overhead.
>>
>if it had no advantages it would never have been written. But writing a
>200 long SELECT <OPTION> statement with a call to printf for each one..
Still no problem: <http://mfesser.de/test/sprintf.php>
Source code: <http://mfesser.de/test/sprintf.php?source>
The differences are absolutely negligible.
>Maybe I am old fashioned, but I try not to use sledgehammers to crack
>nuts, especially in loops.
That's OK, but the real bottlenecks (especially in PHP code) are always
in other places. I prefer code legibility over performance, and for me
an sprintf() call is much more readable than anything else, especially
if there are many variables or expressions involved. The performance hit
is not an issue (if it could be called a hit at all).
Micha
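
The control flow argued for in this post, as an added example that is not part of the original message or the code linked from it. It assumes an in-memory SQLite database through PDO and uses a bound parameter in place of manual escaping for the transport step; the helper names and the sample input are constructed for illustration.

```php
<?php
// Constructed sample input, as it would arrive in $_POST with magic quotes off.
$raw = 'O\'Reilly said "<b>hi</b>" & left';

// In-memory SQLite stands in for the real database (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE names (id INTEGER PRIMARY KEY, name TEXT)');

// Hypothetical helper: store a value, then read back exactly what the table holds.
function store_and_fetch(PDO $db, string $value): string
{
    // The bound parameter handles the transport into the table; nothing
    // about the quoting used on the way in becomes part of the stored data.
    $stmt = $db->prepare('INSERT INTO names (name) VALUES (?)');
    $stmt->execute([$value]);
    $id = $db->lastInsertId();

    $stmt = $db->prepare('SELECT name FROM names WHERE id = ?');
    $stmt->execute([$id]);
    return (string) $stmt->fetchColumn();
}

// Hypothetical helper: htmlspecialchars() is the only output-side step,
// and sprintf() keeps the markup template readable.
function option_tag(string $value, string $label): string
{
    return sprintf(
        '<option value="%s">%s</option>',
        htmlspecialchars($value, ENT_QUOTES, 'UTF-8'),
        htmlspecialchars($label, ENT_QUOTES, 'UTF-8')
    );
}

// Proper flow: compare what was stored with the raw input.
$clean = store_and_fetch($db, $raw);
echo 'raw input round-trips unchanged: ';
var_dump($clean === $raw);

// Magic-quotes-style flow: addslashes() mimics what magic_quotes_gpc did to input
// before the application ever saw it, so the slashes travel into the table as data.
$slashed = store_and_fetch($db, addslashes($raw));
echo 'pre-slashed input round-trips unchanged: ';
var_dump($slashed === $raw);
echo 'pre-slashed input needs stripslashes() on the way out: ';
var_dump(stripslashes($slashed) === $raw);

// Output: the stored value is encoded once, at the point it enters HTML.
echo option_tag($clean, $clean), "\n";
```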