  1. #1

    New to PHP, need help understanding this code

    I found this code online and I want to understand it. I have read the PHP documentation, but I have found out that the PHP programming community offers better explanations.

    PHP Code:
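    function mysql_safe_query($query) {
        // Everything after the first argument is a value for the format string.
        $args = array_slice(func_get_args(), 1);
        // Escape each value; mysql_safe_string() is defined elsewhere, not in this post.
        $args = array_map('mysql_safe_string', $args);
        // Substitute the escaped values into $query and run the finished string.
        return mysql_query(vsprintf($query, $args));
    }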
    I figure the function isn't a built-in PHP function. array_slice returns a sequence of elements from the array func_get_args with an offset of 1.

    I looked up func_get_args and it's supposed to return a copy of the given element (array? object)?? And I guess vsprintf returns a formatted string, removing the string quotations ''??

  • #2
    felgall
    Looks like an attempt to prevent SQL injection using the antiquated, obsolete mysql_query call.

    Current practice is to use either mysqli_prepare and mysqli_bind (or the PDO equivalents), which eliminate the possibility of injection entirely.
    Stephen
    Learn Modern JavaScript - http://javascriptexample.net/
    Helping others to solve their computer problem at http://www.felgall.com/

    Don't forget to start your JavaScript code with "use strict"; which makes it easier to find errors in your code.
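
The difference between the escape-then-format pattern in post #1 and the prepared statements named in post #2, as an added example that is not code from the thread or from either poster. It assumes PDO with an in-memory SQLite database as a stand-in for MySQL; `safe_string_sketch`, `format_query_sketch` and `prepared_query` are hypothetical names, and because `mysql_safe_string` is not shown in the thread, the quote-escaping used here is an assumption about what it does.

```php
<?php
// Constructed sample data in an in-memory SQLite database (stand-in for MySQL).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO users (id, name) VALUES (1, 'alice'), (2, 'bob')");

// Hypothetical stand-in for mysql_safe_string(): escapes quote characters only.
function safe_string_sketch($value) {
    return str_replace("'", "''", (string) $value);
}

// Same shape as mysql_safe_query(): escape each argument, then vsprintf() it
// into the SQL text. The database receives a single finished string and
// cannot tell which parts were meant as data.
function format_query_sketch(PDO $pdo, $query, ...$args) {
    $args = array_map('safe_string_sketch', $args);
    return $pdo->query(vsprintf($query, $args))->fetchAll(PDO::FETCH_COLUMN);
}

// Prepared statement: the SQL text is parsed first, the values are bound
// afterwards and are only ever treated as values.
function prepared_query(PDO $pdo, $query, array $params) {
    $stmt = $pdo->prepare($query);
    $stmt->execute($params);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed input that contains no quote character, so escaping leaves it unchanged.
$input = '1 OR 1=1';

// The %s placeholder is not wrapped in quotes, so the escaped value becomes
// part of the WHERE expression itself.
$formatted = format_query_sketch($pdo, 'SELECT name FROM users WHERE id = %s', $input);

// The same input bound to a placeholder is compared to id as one opaque value.
$prepared = prepared_query($pdo, 'SELECT name FROM users WHERE id = ?', [$input]);

echo "formatted query rows: ", count($formatted), "\n";
echo "prepared query rows:  ", count($prepared), "\n";
```

Escaping protects only values that land inside a quoted string literal, so the format-string approach depends on every call site quoting every placeholder correctly; binding removes that dependency.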

