md5() and sprintf()

pablogosse

Hi all. I'm going to use md5() to store passwords in my database, and I'm just wondering about the use of md5() and sprintf().

In the security section of the php docs there's the following example:

// storing password hash
$query  = sprintf("INSERT INTO users(name,pwd) VALUES('%s','%s');",
            addslashes($username), md5($password));
$result = pg_exec($connection, $query);

what I'm wondering is what is the difference between that and the following:

$query = "INSERT INTO users(name,pwd) VALUES('".addslashes($username)."','".md5($password)."');"
$result = pg_exec($connection,$query);

what is the effect of using sprintf() on the query.

When I use the following code the results are exactly the same:

echo "username=".$_GET['username']." password=".md5($_GET['password'])."<br>"; 
echo sprintf("username=%s password=%s",$_GET['username'],md5($_GET['password']));

Thanks in advance.
P.

Weedpacket

sprintf() is much more CPU-intensive.

pablogosse

Okay, but since they seem to produce the same output, what are the advantages/disadvantages of using one technique over the other aside from the fact that one is much more CPU intensive?

To me the output of echo "password ".md5($POST['password']); and echo sprintf("password %s",md5($POST['password'])); seem exactly the same, or am I missing something here?

Thanks in advance,
Pablo

Weedpacket

For the given examples, CPU-load is the only difference. sprintf() and printf() only become more useful in two situations (that I can think of OTTOMH): when you want to use more elaborate formatting constructs like minimum width etc.; and when you want to implement a string library, where some of the strings need slots in which to insert data (e.g., for i18n purposes).