Proper use of str_replace
Posted: Wed May 05, 2010 7:09 pm
Hi,
I have a MySQL string that I am manually sanitizing/stripping and then parameterizing:
$sql = "SELECT * FROM widgets WHERE widget_id = ? and widget_is_superhuman = ?";
I have an array with the correct amount (in this case 2) of indices to match the number of question-mark-delimiters ("?"). For each index in this array, I want to string-replace the next subsequent ? with the value of the current array index.
Here's how I've set it up:
Code:
for($i = 0; $i < sizeof($params); $i++)
    $sql = str_replace("?", $params[$i], $sql);
The problem is, this will replace *every* ? in the SQL string with the current array index's value; not one subsequent one at a time, like I need it to. I've searched the PHP docs high and low, and can't figure out how to use this function right.
Or, is there a sprintf()-like function in PHP that I should be using?
Thanks for all suggestions,
Z Harvey
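Added example, not part of the original post: it reproduces the loop from the question, where str_replace() consumes every placeholder on its first pass, and shows positional binding with PDO, which pairs each array element with the next ? and keeps values out of the SQL text. The in-memory SQLite database (standing in for MySQL so the script runs offline), the widget_name column, the function names and the sample rows are assumptions.

```php
<?php
// Constructed schema and rows; SQLite in memory stands in for the MySQL table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE widgets (
    widget_id INTEGER PRIMARY KEY,
    widget_name TEXT,
    widget_is_superhuman INTEGER
)');
$pdo->exec("INSERT INTO widgets VALUES (1, 'anvil', 0), (2, 'cape', 1), (3, 'visor', 1)");

$sql = 'SELECT * FROM widgets WHERE widget_id = ? and widget_is_superhuman = ?';

// The loop from the post (hypothetical wrapper name). str_replace() replaces
// every occurrence of the search string on each call, so after the first
// iteration no placeholder is left for the second parameter.
function substituteAll(string $sql, array $params): string
{
    for ($i = 0; $i < sizeof($params); $i++) {
        $sql = str_replace('?', $params[$i], $sql);
    }
    return $sql;
}

// Positional binding (hypothetical helper name). The driver matches the n-th
// array element to the n-th placeholder, and the values are sent as data,
// so nothing inside them is ever parsed as SQL.
function findWidgets(PDO $pdo, string $sql, array $params): array
{
    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// String substitution: both placeholders end up holding the first value.
echo substituteAll($sql, ['2', '1']), "\n";

// Bound parameters: each placeholder receives its own value, in order.
print_r(findWidgets($pdo, $sql, ['2', '1']));

// Constructed input containing SQL syntax. Substituted as text it changes the
// WHERE clause; bound as a parameter it stays a single value being compared.
echo substituteAll($sql, ['2 OR 1=1', '1']), "\n";
print_r(findWidgets($pdo, $sql, ['2 OR 1=1', '1']));
```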