By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
438,304 Members | 1,253 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 438,304 IT Pros & Developers. It's quick & easy.

Defered interpolation

P: n/a
Hi all,

I'm wondering if this is possible with PHP:

$query = "SELECT * FROM table WHERE afield='$something'";

has quite a different meaning from

$query = 'SELECT * FROM table WHERE afield=\'$something\'';

I'm trying to work out if it is possible to use the latter as a primitive
sort of data-binding (I know its not going to prevent injection). I would
create $query before the value of $something is finalised, then apply the
interpolation operation on $query to get it to substitute the variable at
that point.

Is there an easy way to do this with PHP?

TIA,

C.
Feb 17 '07 #1
Share this Question
Share on Google+
2 Replies


P: n/a
Rik
On Sat, 17 Feb 2007 14:36:28 +0100, Colin McKinnon
<co**********************@ntlworld.deletemeunlessU RaBot.comwrote:
Hi all,

I'm wondering if this is possible with PHP:

$query = "SELECT * FROM table WHERE afield='$something'";

has quite a different meaning from

$query = 'SELECT * FROM table WHERE afield=\'$something\'';

I'm trying to work out if it is possible to use the latter as a primitive
sort of data-binding (I know its not going to prevent injection). I would
create $query before the value of $something is finalised, then apply the
interpolation operation on $query to get it to substitute the variableat
that point.

Is there an easy way to do this with PHP?
$querystring = 'SELECT * FROM `table` WHERE `afield` = \'%s\'';
$explicit_query = sprintf($querystring,'something');

Look at he manual for more options (display as integere, swap around
position or variables etc.):<http://www.php.net/sprintf>
--
Rik Wasmus
Feb 17 '07 #2

P: n/a
Rik wrote:
On Sat, 17 Feb 2007 14:36:28 +0100, Colin McKinnon
<co**********************@ntlworld.deletemeunlessU RaBot.comwrote:
>>
I'm trying to work out if it is possible to use the latter as a primitive
sort of data-binding (I know its not going to prevent injection). I would
create $query before the value of $something is finalised, then apply the
interpolation operation on $query to get it to substitute the variable at
that point.

Is there an easy way to do this with PHP?

$querystring = 'SELECT * FROM `table` WHERE `afield` = \'%s\'';
$explicit_query = sprintf($querystring,'something');

Look at he manual for more options (display as integere, swap around
position or variables etc.):<http://www.php.net/sprintf>
Thanks Rik

C.

Feb 19 '07 #3

This discussion thread is closed

Replies have been disabled for this discussion.