Re: anti SQL injection method in php manual.

On Fri, May 26, 2006 10:39 am, Dotan Cohen wrote:
> What is the purpose of the sprintf? If it were using %d on integers I
> could see the point, but as we're talking about %s strings, what is
> the advantage to using sprintf?

None, really.

> How does this differ from:
> $query = "SELECT * FROM users WHERE user=".$_POST['username']." AND
> password=".$_POST['password'];

Well, except that you forgot to actually use the smart_quote()
function around the POST data, no difference really.

Some would find the sprintf more readable.

It also leads more naturally to the usage of prepared queries wherein
the data cannot be un-escaped by programmer error/accident.

But if the sprintf offends you, skip it.

Just don't skip the smart_quote bit. :-)

-- 
Like Music?
http://l-i-e.com/artists.htm

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
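The three query styles discussed in the thread side by side, as an added example that is not part of the original post. It runs against a constructed in-memory SQLite database through PDO; `smart_quote()` is the name used in the thread, but the thread never shows its body, so the implementation here (a thin wrapper over `PDO::quote()`) is an assumption.

```php
<?php
// Added example, not code from the thread. Contrasts raw concatenation,
// sprintf() with an escaping helper, and a prepared statement.

// Constructed in-memory database so the example runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (user TEXT, password TEXT)");
$pdo->exec("INSERT INTO users VALUES ('alice', 'secret'), ('bob', 'hunter2')");

// Hypothetical escaping helper in the spirit of the thread's smart_quote():
// returns the value as a quoted SQL string literal. PDO::quote() applies the
// quoting and escaping rules of the connection's driver.
function smart_quote(PDO $pdo, string $value): string
{
    return $pdo->quote($value);
}

// Constructed input standing in for untrusted $_POST data: a username that
// carries a quote and a boolean clause, and a password that is simply wrong.
$username = "alice' OR '1'='1";
$password = "wrong";

// 1. Raw concatenation (the version quoted in the thread, minus smart_quote):
//    the quote in the input closes the literal and the rest is parsed as SQL,
//    so the password check no longer constrains the result.
$raw = "SELECT * FROM users WHERE user='" . $username
     . "' AND password='" . $password . "'";
$rawRows = $pdo->query($raw)->fetchAll(PDO::FETCH_ASSOC);
printf("concatenation:        %d row(s)\n", count($rawRows));

// 2. sprintf() plus smart_quote(): each %s receives an already-quoted
//    literal, so the quote inside the input is escaped, not interpreted.
$escaped = sprintf(
    "SELECT * FROM users WHERE user=%s AND password=%s",
    smart_quote($pdo, $username),
    smart_quote($pdo, $password)
);
$escapedRows = $pdo->query($escaped)->fetchAll(PDO::FETCH_ASSOC);
printf("sprintf+smart_quote:  %d row(s)\n", count($escapedRows));

// 3. Prepared statement: the SQL text is fixed before any data is bound, so
//    there is no escaping step that a later edit can leave out.
$stmt = $pdo->prepare("SELECT * FROM users WHERE user=? AND password=?");
$stmt->execute([$username, $password]);
$preparedRows = $stmt->fetchAll(PDO::FETCH_ASSOC);
printf("prepared statement:   %d row(s)\n", count($preparedRows));
```

Running it shows the point of the thread: the concatenated query still returns alice's row even though the password is wrong, while the escaped and the prepared variants both return nothing, because in those two the input is treated as data rather than as part of the statement. The escaping only works while every call site remembers to wrap its inputs, which is why the prepared form is the safer habit.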

