Aurora078 Posted October 9, 2010
I don't get why I should format things. I heard it was good, but what's the difference anyway?

bluegman991 Posted October 9, 2010
What kind of format? Formatting strings to numbers / numbers to strings / strings to strings / numbers to numbers, int, float, currency, name, etc...?

Dominion Posted October 9, 2010
It's explained on the PHP page for "sprintf", I think?

a_bertrand Posted October 10, 2010
sprintf is a way to somehow secure yourself against SQL Injections. However it doesn't fix all and therefore it is not the solution I would recommend. I would myself use mysql_real_escape_string around any string and a ($var+0) against any number. With that you should be fine against SQL injections (again that's only part of the hacking issues your scripts can have).

Dominion Posted October 10, 2010
I only said about sprintf as on the php.net/sprintf page it explains what a formatted string is; it should never be used or relied upon to fix a security hole.
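
What a_bertrand and Dominion describe above, shown as an added example that is not code from any poster in the thread: sprintf on its own versus escaping the string and coercing the number. The `users` table, the sample inputs and `demo_escape` (an offline stand-in for `mysql_real_escape_string`, which needs a live connection) are assumptions made for the demo.

```php
<?php
// Constructed sample inputs, as they might arrive from a web form.
$name = "O'Brien";     // ordinary value that happens to contain a quote
$id   = "42 OR 1=1";   // "numeric" field carrying extra text

// Offline stand-in for mysql_real_escape_string(): backslash-escapes the same
// characters (NUL, \n, \r, \, ', ", Ctrl-Z) but ignores the connection
// character set. Demo only; real code calls the database driver's function.
function demo_escape(string $s): string
{
    return strtr($s, [
        "\\" => "\\\\", "\0" => "\\0", "\n" => "\\n", "\r" => "\\r",
        "'"  => "\\'",  '"'  => '\\"', "\x1a" => "\\Z",
    ]);
}

// Hypothetical table and column names.
const TEMPLATE_S = "SELECT * FROM users WHERE name = '%s' AND id = %s";
const TEMPLATE_D = "SELECT * FROM users WHERE name = '%s' AND id = %d";

// 1. sprintf with %s only: both values are pasted into the query unchanged.
function query_sprintf_only(string $name, string $id): string
{
    return sprintf(TEMPLATE_S, $name, $id);
}

// 2. sprintf with %d: the number is coerced to an integer, but the string
//    still goes in as-is, so its quote ends the SQL literal early.
function query_sprintf_typed(string $name, string $id): string
{
    return sprintf(TEMPLATE_D, $name, $id);
}

// 3. Escape the string and force the number with ($var + 0).
function query_escaped(string $name, string $id): string
{
    // $id + 0 keeps only the leading number. Recent PHP versions raise a
    // notice or warning for trailing text, and PHP 8 throws a TypeError
    // when the string has no leading number at all.
    return sprintf(TEMPLATE_S, demo_escape($name), $id + 0);
}

foreach (['query_sprintf_only', 'query_sprintf_typed', 'query_escaped'] as $build) {
    echo str_pad($build, 20), ' ', $build($name, $id), PHP_EOL;
}
```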