P0lT10n

Hello people. I was reading several scripts, and I saw, all the time, that they used %s... What is the application of that? Because I'm searching about that and I don't find anything about it! I know that it's about injection codes... Can anyone give me a web page about it or a forum, but explaining? Thanks!

All 5 Replies

In what context do you see "%s"?

P0lT10n

In the context about anti-injections codes (string), something about that...

P0lT10n

What is the difference between %s and print directly something with a variable?

The printf-based functions essentially cast values to a particular type and work with them in their respective ways. They also let you control things like precision, padding, etc. Look at the link I posted above; it has a lot of examples of what can be done with them.

They're really not the best way to prevent SQL injection though. Prepared statements, in my opinion, are the best way to avoid SQL injection, combined with the concept of "Filter Input, Escape Output".
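The contrast drawn in the last reply, as an added example that is not part of the original thread: `%s` only converts a value to a string and pastes it into the SQL text, while a prepared statement sends the value separately from the query. The thread does not name a language, so Python and its built-in `sqlite3` module are assumed here; the table, the function names and the sample inputs are constructed for illustration.

```python
import sqlite3

def make_db():
    """Build a constructed in-memory table with two sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "a-secret"), ("bob", "b-secret")])
    return conn

def lookup_formatted(conn, name):
    """printf-style %s: the value becomes part of the SQL text, unescaped."""
    query = "SELECT name FROM users WHERE name = '%s'" % name
    return [row[0] for row in conn.execute(query)]

def lookup_prepared(conn, name):
    """Prepared statement: the ? placeholder is bound as data, never parsed as SQL."""
    query = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(query, (name,))]

def compare(name):
    """Run both lookups on a fresh database and return (formatted, prepared)."""
    conn = make_db()
    try:
        formatted = lookup_formatted(conn, name)
    except sqlite3.Error as exc:
        # A stray quote in the value breaks the SQL syntax of the formatted query.
        formatted = "error: %s" % exc
    prepared = lookup_prepared(conn, name)
    conn.close()
    return formatted, prepared

if __name__ == "__main__":
    # Constructed inputs: a normal name, a name containing a quote,
    # and a value whose quote changes the meaning of the WHERE clause.
    for sample in ["alice", "O'Brien", "x' OR '1'='1"]:
        formatted, prepared = compare(sample)
        print("%-16r formatted=%r prepared=%r" % (sample, formatted, prepared))
```

With the formatted query, a quote in the input either breaks the statement or widens the result to every row; the prepared version returns only exact name matches in all three cases.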
