星期三, 5月 30, 2007

printf / sprintf in PHP

Most programmers are familiar with printf/sprinf in languages such as C/C++.
They have the following benefits
1. Ease of use and clarity - the flexablility to define a format string such as "%d, %s"
2.
Maximum efficiency (ability to directly use existing buffers)
and drawbacks
3.
Length safety
4.
Type safety
5.
Templatability

#3.,#4. #5. doesn't apply to PHP language in general, therefore its a good idea to use printf/sprintf exclusively. Question is how? How to enhance printf without going through much work?

First we look at what kind of enhancement could be done? We can obviously enhance #1. by creating a new string symbol, for example %dbs, %dbs would work like %s, except it would
perform mysql_escape_string implicitly.

The perl regular expression and callback comes to rescue.
The following is a snap from drupal source.



/**
* Helper function for db_query().
*/
function _db_query_callback($match, $init = FALSE) {
static $args = NULL;
if ($init) {
$args = $match;
return;
}

switch ($match[1]) {
case '%d': // We must use type casting to int to convert FALSE/NULL/(TRUE?)
return (int) array_shift($args); // We don't need db_escape_string as numbers are db-safe
case '%s':
return db_escape_string(array_shift($args));
case '%%':
return '%';
case '%f':
return (float) array_shift($args);
case '%b': // binary data
return db_encode_blob(array_shift($args));
}
}

/**
* Indicates the place holders that should be replaced in _db_query_callback().
*/
define('DB_QUERY_REGEXP', '/(%d|%s|%%|%f|%b)/');

/**
* Runs a basic query in the active database.
*
* User-supplied arguments to the query should be passed in as separate
* parameters so that they can be properly escaped to avoid SQL injection
* attacks.
*
* @param $query
* A string containing an SQL query.
* @param ...
* A variable number of arguments which are substituted into the query
* using printf() syntax. Instead of a variable number of query arguments,
* you may also pass a single array containing the query arguments.

* Valid %-modifiers are: %s, %d, %f, %b (binary data, do not enclose
* in '') and %%.
*
* NOTE: using this syntax will cast NULL and FALSE values to decimal 0,
* and TRUE values to decimal 1.
*
* @return
* A database query result resource, or FALSE if the query was not
* executed correctly.
*/
function db_query($query) {
$args = func_get_args();
array_shift($args);
$query = db_prefix_tables($query);
if (isset($args[0]) and is_array($args[0])) { // 'All arguments in one array' syntax
$args = $args[0];
}
_db_query_callback($args, TRUE);
$query = preg_replace_callback(DB_QUERY_REGEXP, '_db_query_callback', $query);
return _db_query($query);
}


Happy Coding!

沒有留言: