Until I started using the techniques for avoiding SQL injection, I had been using a normal INSERT and SELECT SQL query, which worked fine.

 

I have a registration page where a user enters their username. If it already exists, I display a message by executing a SELECT query, and if the username does not exist, I run an INSERT query.

 

After adopting the technique to avoid SQL injection:

 

// Undo magic_quotes_gpc so the values are not escaped twice
// (mysql_real_escape_string() is applied once, further down).
if (get_magic_quotes_gpc()) {
    $username = stripslashes($_POST["username"]);
    $email    = stripslashes($_POST["email"]);
} else {
    $username = $_POST["username"];
    $email    = $_POST["email"];
}

Previously my SELECT and INSERT queries were:

 

INSERT INTO individuals (username, email) VALUES ('$username', '$email')
SELECT username FROM individuals WHERE username = '$username'

 

Presently the INSERT query is:

 

$insertquery = sprintf("INSERT INTO individuals (username, email) VALUES ('%s', '%s')",
                       mysql_real_escape_string($username),
                       mysql_real_escape_string($email));

 

This INSERT query is working; however, the SELECT query is no longer doing its job of checking whether the username already exists. Even if I register with the same username again, it does not alert me that the username exists.

 

The SELECT query is:

 

$selectqueryusername = sprintf("SELECT username FROM individuals WHERE username = '%s'",
                               mysql_real_escape_string($username));

 

Should I change the syntax of the above SELECT query, or is there something else I need to do to fix it?

 

Also, for the INSERT query, if I have a numeric value I should be writing %d, correct? I do have a numeric value, but before inserting it I append a "-" character to combine the area code and the phone number, for example 09-123 4567, so I am treating this as %s since it contains a character. Is this correct?

 

Please advise.

 

Thanks.

 

https://forums.phpfreaks.com/topic/106530-syntax-of-sprintf/

For the date, %s should be fine, but you could also do this:

 

$isodate = sprintf("%04d-%02d-%02d", $year, $month, $day);

 

As for the username check, the query looks fine. Could the problem be due to other members being inserted before the update, or to the code around it?

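As an added example (not code from either post in this thread), here is the same check-then-insert registration flow written with PDO prepared statements, which is how a current PHP practitioner would avoid SQL injection instead of sprintf() plus the long-removed mysql_real_escape_string(). It runs against an in-memory SQLite database so it can be tried without a MySQL server; the table and column names follow the post, while the phone and dob columns, the UNIQUE constraint, the function names and the sample values are assumptions. It also folds in the sprintf() date formatting suggested in the reply.

```php
<?php
// Added example, not from the original thread. Table and column names follow
// the post; the phone/dob columns, UNIQUE constraint and sample data are assumed.

function openDb(): PDO
{
    // In-memory SQLite so the example runs offline; swap the DSN for MySQL in production.
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // The UNIQUE constraint is what really prevents duplicate usernames: a
    // SELECT-then-INSERT check alone can race with a second request that
    // inserts the same name between the two statements.
    $db->exec('CREATE TABLE individuals (
        id       INTEGER PRIMARY KEY,
        username TEXT NOT NULL UNIQUE,
        email    TEXT NOT NULL,
        phone    TEXT,   -- "09-123 4567" has a "-" and a space, so it is text, not a number
        dob      TEXT    -- ISO 8601 date assembled with sprintf() below
    )');
    return $db;
}

function usernameExists(PDO $db, string $username): bool
{
    // The value is bound to the placeholder, never spliced into the SQL text,
    // so a username like  x' OR '1'='1  is compared literally, not executed.
    $stmt = $db->prepare('SELECT 1 FROM individuals WHERE username = ?');
    $stmt->execute([$username]);
    return $stmt->fetchColumn() !== false;
}

function register(PDO $db, string $username, string $email, string $phone,
                  int $year, int $month, int $day): bool
{
    // Advisory pre-check so the page can show "username taken" before inserting.
    if (usernameExists($db, $username)) {
        return false;
    }
    // Zero-padded ISO date, as suggested in the reply.
    $isodate = sprintf('%04d-%02d-%02d', $year, $month, $day);
    $stmt = $db->prepare(
        'INSERT INTO individuals (username, email, phone, dob) VALUES (?, ?, ?, ?)'
    );
    try {
        $stmt->execute([$username, $email, $phone, $isodate]);
    } catch (PDOException $e) {
        // SQLSTATE 23000 = integrity constraint violation: the race described
        // above happened and another row with this username got in first.
        if ($e->getCode() === '23000') {
            return false;
        }
        throw $e;
    }
    return true;
}

$db = openDb();
var_dump(register($db, 'alice', 'alice@example.com', '09-123 4567', 1990, 7, 4));
var_dump(register($db, 'alice', 'other@example.com', '09-123 4567', 1990, 7, 4));
var_dump(register($db, "bob' OR '1'='1", 'bob@example.com', '09-555 0000', 1985, 1, 1));
var_dump(usernameExists($db, "bob' OR '1'='1"));
var_dump(usernameExists($db, 'bob'));
```

With bound parameters the %s-versus-%d question from the post disappears: there is no format specifier to choose, the driver sends the value separately from the statement, and the phone number is simply stored in a text column because it contains a "-" and a space. The SELECT pre-check is kept only for the user-facing message; the UNIQUE constraint plus the SQLSTATE 23000 handler is what actually guarantees that two concurrent registrations cannot both succeed with the same username.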
