Aurora078, posted October 9, 2010:
I don't get why I should format things. I heard it was good, but what's the difference anyway?

bluegman991, posted October 9, 2010:
What kind of format? Formatting strings to numbers / numbers to strings / strings to strings / numbers to numbers, int, float, currency, name, etc...?

Aurora078 (Author), posted October 9, 2010:
In general

Dominion, posted October 9, 2010:
It's explained on the PHP page for "sprintf", I think?

a_bertrand, posted October 10, 2010:
sprintf is a way to somehow secure yourself against SQL injections. However, it doesn't fix all and therefore it is not the solution I would recommend. I would myself use mysql_real_escape_string around any string and a ($var+0) against any number. With that you should be fine against SQL injections (again, that's only part of the hacking issues your scripts can have).

Dominion, posted October 10, 2010:
I only mentioned sprintf as the php.net/sprintf page explains what a formatted string is. It should never be used or relied upon to fix a security hole.

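Added example, not part of any post in this thread: what sprintf does and does not do to values placed in a query, as discussed in the last two posts. The table, column names and input values are constructed for illustration, and because mysql_real_escape_string needs a live MySQL connection (and the mysql_* extension was removed in PHP 7), the driver's own quoting function, PDO::quote on an in-memory SQLite database, is used as a stand-in for it.

```php
<?php
// Constructed sample inputs (not from the thread).
$name = "O'Brien";       // legitimate value that happens to contain a quote
$id   = "7 extra text";  // numeric field with a non-numeric tail

// %s copies the string unchanged: the embedded quote ends the SQL literal early.
$unsafe = sprintf("SELECT name FROM users WHERE name = '%s'", $name);

// %d converts the argument to an integer, so only the leading digits survive.
$numeric = sprintf("SELECT name FROM users WHERE id = %d", $id);

// Assumption: in-memory SQLite via PDO, so the example runs without a server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER, name TEXT)");
$db->exec("INSERT INTO users VALUES (7, " . $db->quote($name) . ")");

// quote() escapes the value and adds the surrounding quotes itself,
// so the format string must not add its own around %s.
$escaped = sprintf(
    "SELECT name FROM users WHERE name = %s AND id = %d",
    $db->quote($name),
    $id
);

echo $unsafe, "\n", $numeric, "\n", $escaped, "\n";

// The unescaped query is no longer the statement the developer wrote.
try {
    $db->query($unsafe);
    echo "unescaped query ran\n";
} catch (PDOException $e) {
    echo "unescaped query failed: ", $e->getMessage(), "\n";
}

// The escaped query treats the whole value as data and finds the row.
$row = $db->query($escaped)->fetch(PDO::FETCH_ASSOC);
echo "escaped query returned: ", $row['name'], "\n";
```
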