Deferred interpolation

  • Colin McKinnon

    Deferred interpolation

    Hi all,

    I'm wondering if this is possible with PHP:

    $query = "SELECT * FROM table WHERE afield='$something'";

    has quite a different meaning from

    $query = 'SELECT * FROM table WHERE afield=\'$something\'';

    I'm trying to work out if it is possible to use the latter as a primitive
    sort of data-binding (I know it's not going to prevent injection). I would
    create $query before the value of $something is finalised, then apply the
    interpolation operation on $query to get it to substitute the variable at
    that point.

    Is there an easy way to do this with PHP?

    TIA,

    C.
  • Rik

    #2
    Re: Deferred interpolation

    On Sat, 17 Feb 2007 14:36:28 +0100, Colin McKinnon
    <colin.thisisnotmysurname@ntlworld.deletemeunlessURaBot.com> wrote:
    > Hi all,
    >
    > I'm wondering if this is possible with PHP:
    >
    > $query = "SELECT * FROM table WHERE afield='$something'";
    >
    > has quite a different meaning from
    >
    > $query = 'SELECT * FROM table WHERE afield=\'$something\'';
    >
    > I'm trying to work out if it is possible to use the latter as a primitive
    > sort of data-binding (I know it's not going to prevent injection). I would
    > create $query before the value of $something is finalised, then apply the
    > interpolation operation on $query to get it to substitute the variable at
    > that point.
    >
    > Is there an easy way to do this with PHP?

    $querystring = 'SELECT * FROM `table` WHERE `afield` = \'%s\'';
    $explicit_query = sprintf($querystring,'something');

    Look at the manual for more options (display as integer, swap around
    position of variables etc.): <http://www.php.net/sprintf>
    --
    Rik Wasmus
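
The deferred substitution discussed above, as an added example that is not part of the original thread: a sprintf template next to a PDO prepared statement, both defined before the value is known, so the difference between pasting the value into the SQL text and binding it as data can be seen on the same inputs. It assumes the pdo_sqlite extension; the `items` table and all sample values are constructed for illustration.

```php
<?php
// Added example, not code from the thread. Assumes the pdo_sqlite extension;
// the table name `items` and the sample rows are constructed for illustration.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE items (id INTEGER PRIMARY KEY, afield TEXT)");
$pdo->exec("INSERT INTO items (afield) VALUES ('alpha'), ('beta'), ('O''Brien')");

// Step 1: both forms are defined early, while $something is still unknown.
$template = "SELECT id, afield FROM items WHERE afield = '%s'";
$stmt = $pdo->prepare("SELECT id, afield FROM items WHERE afield = :something");

// Step 2: the value is finalised later. Constructed inputs: an ordinary value,
// a value containing a quote, and a value shaped like SQL syntax.
$inputs = ['alpha', "O'Brien", "x' OR '1'='1"];

foreach ($inputs as $something) {
    // sprintf: the value becomes part of the SQL text and is parsed as SQL.
    $sql = sprintf($template, $something);
    try {
        $rows = $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN, 1);
        $viaSprintf = count($rows) . ' row(s)';
    } catch (PDOException $e) {
        $viaSprintf = 'SQL error';
    }

    // Bound parameter: the statement text is fixed, the value travels as data.
    $stmt->execute([':something' => $something]);
    $viaBind = count($stmt->fetchAll(PDO::FETCH_COLUMN, 1)) . ' row(s)';

    printf("%-14s sprintf: %-10s bound: %s\n", $something, $viaSprintf, $viaBind);
}
```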


    • Colin McKinnon

      #3
      Re: Deferred interpolation

      Rik wrote:
      > On Sat, 17 Feb 2007 14:36:28 +0100, Colin McKinnon
      > <colin.thisisnotmysurname@ntlworld.deletemeunlessURaBot.com> wrote:
      >
      >> I'm trying to work out if it is possible to use the latter as a primitive
      >> sort of data-binding (I know it's not going to prevent injection). I would
      >> create $query before the value of $something is finalised, then apply the
      >> interpolation operation on $query to get it to substitute the variable at
      >> that point.
      >>
      >> Is there an easy way to do this with PHP?
      >
      > $querystring = 'SELECT * FROM `table` WHERE `afield` = \'%s\'';
      > $explicit_query = sprintf($querystring,'something');
      >
      > Look at the manual for more options (display as integer, swap around
      > position of variables etc.): <http://www.php.net/sprintf>

      Thanks Rik

      C.
