Posted by Rik on 02/17/07 17:03
On Sat, 17 Feb 2007 14:36:28 +0100, Colin McKinnon <colin.thisisnotmysurname@ntlworld.deletemeunlessURaBot.com> wrote:
> Hi all,
>
> I'm wondering if this is possible with PHP:
>
> $query = "SELECT * FROM table WHERE afield='$something'";
>
> has quite a different meaning from
>
> $query = 'SELECT * FROM table WHERE afield=\'$something\'';
>
> I'm trying to work out if it is possible to use the latter as a primitive
> sort of data-binding (I know it's not going to prevent injection). I would
> create $query before the value of $something is finalised, then apply the
> interpolation operation on $query to get it to substitute the variable at
> that point.
>
> Is there an easy way to do this with PHP?

$querystring = 'SELECT * FROM `table` WHERE `afield` = \'%s\'';
$explicit_query = sprintf($querystring,'something');

Look at the manual for more options (display as integer, swap around position or variables etc.): <http://www.php.net/sprintf>
-- 
Rik Wasmus
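
Added example (not part of the original post or of Rik's reply): the sprintf template from the reply next to a PDO prepared statement, which is also created before the value is final but keeps the value out of the SQL text. It assumes the pdo_sqlite extension; the table `t`, its rows and the helper names viaSprintf/viaBinding are constructed for illustration.

```php
<?php
// Added example, not from the thread. Assumes the pdo_sqlite extension;
// the table `t` and its rows are constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE t (afield TEXT, note TEXT)");
$db->exec("INSERT INTO t VALUES ('something', 'plain'), ('O''Brien', 'has a quote')");

// Both templates are created before the value is known.
$sprintfTemplate = 'SELECT note FROM t WHERE afield = \'%s\'';
$stmt = $db->prepare('SELECT note FROM t WHERE afield = ?');

function viaSprintf(PDO $db, string $template, string $value): string
{
    // The value is pasted into the SQL text, so the database parses it as SQL.
    $sql = sprintf($template, $value);
    try {
        $row = $db->query($sql)->fetchColumn();
        return $row === false ? '(no row)' : $row;
    } catch (PDOException $e) {
        return 'query failed: ' . $sql;
    }
}

function viaBinding(PDOStatement $stmt, string $value): string
{
    // The value travels separately from the SQL text and is only ever data.
    $stmt->execute([$value]);
    $row = $stmt->fetchColumn();
    $stmt->closeCursor();
    return $row === false ? '(no row)' : $row;
}

// A plain value works either way; a value containing an apostrophe
// breaks the sprintf-built statement but not the bound one.
foreach (['something', "O'Brien"] as $value) {
    printf("%-10s sprintf: %s\n", $value, viaSprintf($db, $sprintfTemplate, $value));
    printf("%-10s bound:   %s\n", $value, viaBinding($stmt, $value));
}
```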