sprintf() is usually used in conjunction with mysql_real_escape_string() where queries are associated.
Mainly, I think, for code tidiness.
I don't like to have 10 lines of code defining variables, then 10 lines of escaping, then 10 lines for inserting into the query. (Slight exaggeration.)
I would rather have 11 lines, which define the query and insert formatted escaped string variables.
You could indeed not use sprintf(), but you might end up with something like this.
Code:
$myQuery = "INSERT INTO `table` (`id`,`name`,`age`,`city`,`street`,`postCode`) VALUES ";
$myQuery .= "('".mysql_real_escape_string($id)."', '".mysql_real_escape_string($name)."', '".mysql_real_escape_string($age)."'";
$myQuery = sprintf("INSERT INTO `table` (`id`,`name`,`age`,`city`,`street`,`postCode`) VALUES ('%s','%s','%s','%s','%s','%s')",
mysql_real_escape_string($id),
mysql_real_escape_string($name),
mysql_real_escape_string($age),