I have a MySQL string that I am manually sanitizing/stripping and then parameterizing:
$sql = "SELECT * FROM widgets WHERE widget_id = ? and widget_is_superhuman = ?";
I have an array with the correct number (in this case 2) of indices to match the number of question-mark delimiters ("?"). For each index in this array, I want to string-replace the next subsequent ? with the value of the current array index.
Here's how I've set it up:
Code:
for ($i = 0; $i < count($params); $i++) {
    $pos = strpos($sql, '?'); // only the first remaining "?", so each placeholder gets its own value
    if ($pos !== false) $sql = substr_replace($sql, $params[$i], $pos, 1);
}
Or, is there a sprintf()-like function in PHP that I should be using?
Thanks for all suggestions,
Z Harvey
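What the loop above tries to emulate by hand is what a prepared statement does natively: the "?" markers stay in the SQL text and the values are bound separately by the driver, so they are never parsed as SQL. As an added example (not code from the original post), here is the same query run through PDO with positional placeholders; the DSN, credentials and sample values are assumptions.

```php
<?php
// Added example: let the database driver bind the values instead of splicing them into the SQL.
// DSN and credentials are placeholders (assumptions), not values from the original post.
$pdo = new PDO(
    'mysql:host=localhost;dbname=example_db;charset=utf8mb4',
    'db_user',
    'db_password',
    [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepared statements
    ]
);

// Same statement as in the post; the "?" placeholders are left untouched.
$sql    = "SELECT * FROM widgets WHERE widget_id = ? AND widget_is_superhuman = ?";
$params = [42, 1]; // constructed sample values, one per "?" placeholder, in order

// Positional binding: first array element -> first "?", second -> second "?".
// The values travel to the server separately from the SQL text, so no manual
// stripping or quoting of the parameters is needed.
$stmt = $pdo->prepare($sql);
$stmt->execute($params);

foreach ($stmt->fetchAll(PDO::FETCH_ASSOC) as $row) {
    echo $row['widget_id'], PHP_EOL;
}
```

If the number of values does not match the number of placeholders, PDO raises an error at execute() time rather than silently producing a malformed query, which is the check the hand-rolled loop lacks.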