Using mysql_real_escape_string with sprintf
- From: drtebi@xxxxxxxxx
- Date: 24 Oct 2006 04:55:11 -0700
Hello,
I would like you to check out this little snippet of code and tell me
if I could go wrong with this. Basically, the problem is that I need to
input NULL values when a variable is an empty string. I can't do it
with the normal sprintf and mysql_real_escape_string method as
mentioned on http://us2.php.net/mysql_real_escape_string because I
would have to put quotes around the %s, but then I would get the string
'null' instead of null...
So this is my solution so far:
-------------
function prepvar($var) {
if (empty($var)) {
$var = 'null';
} elseif (ctype_digit($var)) {
$var = (int) $var;
} else {
$var = "'" . mysql_real_escape_string($var) . "'";
}
return $var;
}
$query = sprintf('INSERT INTO contacts VALUES(%s, %s, %s, %s)',
$id,
prepvar($name),
prepvar($phone),
prepvar($interests)
);
mysql_query($query) or die(mysql_error());
-------------
Now all positive integers would become e.g. 4 or 343.
Integers in string form would become '4' or '343', which is no problem
with mysql, it doesn't really care if I quote integers or not even for
an integer field (as far as I know).
Anything 0, false, null, '', array(), or declared variables without a
value will become null. This may not always be wanted, but in my case
that's exactly what I want... I want anything that's empty to be null
in my tables. Any string should still be properly escaped.
Any comments?
.
- Prev by Date: how to lock a block of php codes
- Next by Date: Re: how do enable php to run "--with-mysql" ro curl on Windows XP?
- Previous by thread: how to lock a block of php codes
- Next by thread: HTML email with PHP tags
- Index(es):
Relevant Pages
|
