Hello people. I was reading several scripts, and I saw, all the time, that they used %s... What is the application of that? Because I'm searching about that and I don't find anything about it! I know that it's about injection code... Can anyone give me a web page about it, or a forum, but explaining? Thanks!

Discussion span: 6 years. Last post by mschroeder.

In the context of anti-injection code (strings), something about that...


What is the difference between %s and printing something directly with a variable?


The printf-based functions essentially cast values to a particular type and work with them in their respective ways. They also let you control things like precision, padding, etc. Look at the link I posted above; it has a lot of examples of what can be done with them.

They're really not the best way to prevent SQL injection though. Prepared statements, in my opinion, are the best way to avoid SQL injection, combined with the concept of "Filter Input, Escape Output".
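An added illustration of mschroeder's point (not code from this thread), written in Python because its `%` operator is the same printf-style `%s` the question asks about: the `users` table and its rows are constructed for the example, and a `?` placeholder plays the role of the prepared statement.

```python
import sqlite3

def make_db():
    # Constructed in-memory table standing in for a real users table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user"), ("carol", "user")])
    return conn

def lookup_formatted(conn, name):
    # %s only converts the value to text and pastes it into the SQL string,
    # so quote characters inside `name` become part of the query itself.
    query = "SELECT name, role FROM users WHERE name = '%s'" % name
    return conn.execute(query).fetchall()

def lookup_prepared(conn, name):
    # The placeholder is bound by the database driver; the value is sent
    # separately and is never parsed as SQL, whatever characters it holds.
    query = "SELECT name, role FROM users WHERE name = ?"
    return conn.execute(query, (name,)).fetchall()

def compare(name):
    # Returns (rows from the %s version, rows from the prepared version).
    # A malformed query from the %s version is reported as an error string.
    conn = make_db()
    try:
        formatted = lookup_formatted(conn, name)
    except sqlite3.Error as exc:
        formatted = "error: %s" % exc
    prepared = lookup_prepared(conn, name)
    conn.close()
    return formatted, prepared

if __name__ == "__main__":
    # An ordinary name, a name with an apostrophe, and a classic quote-breaking
    # string: only the prepared version treats all three as plain data.
    for name in ["bob", "O'Brien", "' OR '1'='1"]:
        print(repr(name), "->", compare(name))
```

The apostrophe case shows the same defect from the other side: the `%s` version breaks on legitimate input, while the prepared version simply finds no such user.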
