Hello people. I was reading several scripts, and I saw, all the time, that they used %s... What is the application of that? Because I'm searching about that and I don't find anything about it! I know that it's about injection codes... Can anyone give me a web page about it or a forum, but one that explains it? Thanks!

In the context of anti-injection code (strings), something about that...

What is the difference between %s and printing something directly with a variable?

The printf-based functions essentially cast values to a particular type and work with them in their respective ways. They also let you control things like precision, padding, etc. Look at the link I posted above; it has a lot of examples of what can be done with them.

They're really not the best way to prevent SQL injection, though. Prepared statements, in my opinion, are the best way to avoid SQL injection, combined with the concept of "Filter Input, Escape Output".
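The two points in the answer above (printf-style %s is a formatting tool, and it is not a defence against SQL injection, whereas a prepared statement is) can be seen side by side in a small runnable example. This is an added illustration, not code from the thread or from the scripts the original poster was reading; it assumes Python with the standard-library sqlite3 module, and the table contents and the attacker string are constructed for the demonstration.

```python
import sqlite3

def make_db():
    """Constructed sample database (not from the original thread)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    conn.commit()
    return conn

def lookup_unsafe(conn, name):
    """%s casts the value to a string and splices it into the SQL text.

    The database cannot tell where the query ends and the data begins,
    so a quote character in `name` changes the meaning of the statement.
    """
    query = "SELECT name, role FROM users WHERE name = '%s'" % name
    return conn.execute(query).fetchall()

def lookup_safe(conn, name):
    """Prepared (parameterised) statement: the SQL text is fixed and the
    value travels separately as a parameter, so it can never be parsed
    as SQL, whatever characters it contains."""
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()

def format_demo():
    """What %s-style formatting is actually for: type conversion plus
    width, alignment, precision and zero padding."""
    return "%-8s|%5.2f|%03d" % ("bob", 3.14159, 7)

if __name__ == "__main__":
    conn = make_db()
    attacker = "x' OR '1'='1"        # constructed injection string
    print("unsafe, normal input :", lookup_unsafe(conn, "bob"))
    print("unsafe, attacker     :", lookup_unsafe(conn, attacker))  # every row
    print("safe, normal input   :", lookup_safe(conn, "bob"))
    print("safe, attacker       :", lookup_safe(conn, attacker))    # no rows
    print("formatting           :", format_demo())
```

Running the block shows the same user lookup returning one row for a normal name in both versions, but all three rows through `lookup_unsafe` when the name is `x' OR '1'='1`, while `lookup_safe` correctly returns nothing for that string. The placeholder syntax (`?` here, `%s` or `:name` in other database drivers) is not what makes it safe; what matters is that the value is passed as a parameter rather than pasted into the query string.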