what is this -&gt; %

what is this -> %

programguy28

I have seen this at the php.net site - %s when referencing something inside an sql query. The example given is -

<?php
// Quote variable to make safe
function quote_smart($value)
{
   // Stripslashes
   if (get_magic_quotes_gpc()) {
       $value = stripslashes($value);
   }
   // Quote if not integer
   if (!is_numeric($value)) {
       $value = "'" . mysql_real_escape_string($value) . "'";
   }
   return $value;
}

// Connect
$link = mysql_connect('mysql_host', 'mysql_user', 'mysql_password')
   OR die(mysql_error());

// Make a safe query
$query = sprintf("SELECT * FROM users WHERE user=%s AND password=%s",
           quote_smart($_POST['username']),
           quote_smart($_POST['password']));

mysql_query($query);
?>

I know that 5 % 5 is 5 modulos 5, but this seems to be a string operator, but I cannot find it in Google or Php.net 🙁

subwayman

$query = sprintf("SELECT * FROM users WHERE user=%s AND password=%s",
quote_smart($POST['username']),
quote_smart($POST['password']));

They are arguments for the sprintf() function. They dictate where the values passed to sprintf() get inserted.

Simple example:

$myname = "Johnny";
$myphone = "1234567";

$message = sprintf("My name is %s and you can get me on $s", $myname, $myphone);

$message reads: My name is Johnny and you can get me on 1234567

thorpe

they are usefull for making sure the right data type is passed to your query. for example, %s will only except a string %d will only except an integer.